Vulnerabilities > Pimcore

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2023-2332 Cross-site Scripting vulnerability in Pimcore 10.5.19
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19.
network
low complexity
pimcore CWE-79
4.8
4.8
2024-10-23 CVE-2024-49370 Unspecified vulnerability in Pimcore
Pimcore is an open source data and experience management platform.
network
low complexity
pimcore
4.9
4.9
2024-06-04 CVE-2024-32871 Allocation of Resources Without Limits or Throttling vulnerability in Pimcore
Pimcore is an Open Source Data & Experience Management Platform.
network
low complexity
pimcore CWE-770
7.5
7.5
2024-02-07 CVE-2024-24822 Missing Authorization vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
network
low complexity
pimcore CWE-862
critical
 9.1
9.1
2024-01-24 CVE-2024-23646 SQL Injection vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
network
low complexity
pimcore CWE-89
8.8
8.8
2024-01-24 CVE-2024-23648 Injection vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
network
low complexity
pimcore CWE-74
8.8
8.8
2024-01-11 CVE-2024-21665 Unspecified vulnerability in Pimcore E-Commerce Framework
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle.
network
low complexity
pimcore
4.3
4.3
2024-01-11 CVE-2024-21666 Improper Access Control vulnerability in Pimcore Customer Management Framework
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation.
network
low complexity
pimcore CWE-284
6.5
6.5
2024-01-11 CVE-2024-21667 Improper Access Control vulnerability in Pimcore Customer Management Framework
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore.
network
low complexity
pimcore CWE-284
6.5
6.5
2023-11-30 CVE-2023-49076 Cross-Site Request Forgery (CSRF) vulnerability in Pimcore
Customer-data-framework allows management of customer data within Pimcore.
network
low complexity
pimcore CWE-352
6.5
6.5