Vulnerabilities > Pimcore
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-1429 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | 5.4 |
| 2023-03-10 | CVE-2023-1312 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | 4.8 |
| 2023-03-09 | CVE-2023-1286 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | 4.8 |
| 2023-03-01 | CVE-2023-1115 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
| 2023-03-01 | CVE-2023-1116 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
| 2023-03-01 | CVE-2023-1117 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
| 2023-02-27 | CVE-2023-1067 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | 5.4 |
| 2023-02-14 | CVE-2023-0827 | Cross-site Scripting vulnerability in Pimcore 1.4.3/1.4.9/1.5.0 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. | 5.4 |
| 2023-02-13 | CVE-2023-25240 | Unspecified vulnerability in Pimcore 10.5.15 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. | 8.8 |
| 2023-02-03 | CVE-2023-23937 | Unrestricted Upload of File with Dangerous Type vulnerability in Pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. | 5.4 |