Vulnerabilities > Pimcore

DATE CVE VULNERABILITY TITLE RISK
2023-07-21 CVE-2023-3821 Cross-site Scripting vulnerability in Pimcore
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
network
low complexity
pimcore CWE-79
5.4
2023-07-21 CVE-2023-3822 Cross-site Scripting vulnerability in Pimcore
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
network
low complexity
pimcore CWE-79
6.1
2023-07-14 CVE-2023-3673 SQL Injection vulnerability in Pimcore
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
network
low complexity
pimcore CWE-89
7.2
2023-07-11 CVE-2023-37280 Cross-site Scripting vulnerability in Pimcore Admin Classic Bundle 1.0.0/1.0.1/1.0.2
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework.
network
low complexity
pimcore CWE-79
6.1
2023-07-10 CVE-2023-3574 Unspecified vulnerability in Pimcore Customer Management Framework
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
network
low complexity
pimcore
6.5
2023-05-30 CVE-2023-2983 Privilege Defined With Unsafe Actions vulnerability in Pimcore
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
network
low complexity
pimcore CWE-267
8.8
2023-05-30 CVE-2023-2984 Path Traversal: '..filename' vulnerability in Pimcore
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
network
low complexity
pimcore CWE-29
8.8
2023-05-25 CVE-2023-2881 Insufficiently Protected Credentials vulnerability in Pimcore Customer-Data-Framework
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
network
low complexity
pimcore CWE-522
4.9
2023-05-17 CVE-2023-2756 SQL Injection vulnerability in Pimcore Customer Management Framework
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
network
low complexity
pimcore CWE-89
7.2
2023-05-16 CVE-2023-2730 Cross-site Scripting vulnerability in Pimcore
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
network
low complexity
pimcore CWE-79
5.4