Vulnerabilities > Pimcore > Pimcore > 6.2.0

DATE CVE VULNERABILITY TITLE RISK
2019-11-15 CVE-2019-18982 Cross-site Scripting vulnerability in Pimcore
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
network
pimcore CWE-79
4.3
4.3
2019-11-15 CVE-2019-18981 Inappropriate Encoding for Output Context vulnerability in Pimcore
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
network
low complexity
pimcore CWE-838
7.5
7.5