Vulnerabilities > Pimcore
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-21 | CVE-2021-4139 | Cross-site Scripting vulnerability in Pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 9.0 |
| 2021-12-10 | CVE-2021-4084 | Cross-site Scripting vulnerability in Pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 |
| 2021-12-10 | CVE-2021-4081 | Cross-site Scripting vulnerability in Pimcore pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 |
| 2021-12-10 | CVE-2021-4082 | Cross-Site Request Forgery (CSRF) vulnerability in Pimcore pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | 4.3 |
| 2021-09-15 | CVE-2021-39189 | Information Exposure Through Discrepancy vulnerability in Pimcore Pimcore is an open source data & experience management platform. | 5.3 |
| 2021-09-01 | CVE-2021-39166 | Cross-site Scripting vulnerability in Pimcore Pimcore is an open source data & experience management platform. | 5.4 |
| 2021-09-01 | CVE-2021-39170 | Cross-site Scripting vulnerability in Pimcore Pimcore is an open source data & experience management platform. | 5.4 |
| 2021-08-18 | CVE-2021-37702 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore Pimcore is an open source data & experience management platform. | 8.8 |
| 2021-08-04 | CVE-2021-31867 | SQL Injection vulnerability in Pimcore Customer Management Framework Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. | 7.5 |
| 2021-08-04 | CVE-2021-31869 | SQL Injection vulnerability in Pimcore Adminbundle Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. | 7.5 |