Vulnerabilities > Pimcore > Pimcore > 6.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-15 | CVE-2019-18982 | Cross-site Scripting vulnerability in Pimcore bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. | 4.3 |
2019-11-15 | CVE-2019-18981 | Inappropriate Encoding for Output Context vulnerability in Pimcore Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. | 7.5 |