Vulnerabilities > Pimcore > Pimcore > 1.5.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2023-23937 | Unrestricted Upload of File with Dangerous Type vulnerability in Pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. | 5.4 |
2022-02-14 | CVE-2022-0565 | Cross-site Scripting vulnerability in Pimcore Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | 6.4 |