Vulnerabilities > Pimcore > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2024-21665 Unspecified vulnerability in Pimcore E-Commerce Framework
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle.
network
low complexity
pimcore
4.3
4.3
2024-01-11 CVE-2024-21666 Improper Access Control vulnerability in Pimcore Customer Management Framework
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation.
network
low complexity
pimcore CWE-284
6.5
6.5
2024-01-11 CVE-2024-21667 Improper Access Control vulnerability in Pimcore Customer Management Framework
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore.
network
low complexity
pimcore CWE-284
6.5
6.5
2023-11-30 CVE-2023-49076 Cross-Site Request Forgery (CSRF) vulnerability in Pimcore
Customer-data-framework allows management of customer data within Pimcore.
network
low complexity
pimcore CWE-352
6.5
6.5
2023-11-15 CVE-2023-47636 Information Exposure Through an Error Message vulnerability in Pimcore Admin Classic Bundle
The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore.
network
low complexity
pimcore CWE-209
5.3
5.3
2023-10-31 CVE-2023-46722 Cross-site Scripting vulnerability in Pimcore Admin Classic Bundle
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore.
network
low complexity
pimcore CWE-79
6.1
6.1
2023-10-31 CVE-2023-5873 Cross-site Scripting vulnerability in Pimcore
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
network
low complexity
pimcore CWE-79
5.4
5.4
2023-09-27 CVE-2023-5192 Excessive Data Query Operations in a Large Data Table vulnerability in Pimcore Core
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.
network
low complexity
pimcore CWE-1049
6.5
6.5
2023-09-25 CVE-2023-42817 Cross-site Scripting vulnerability in Pimcore Admin Classic Bundle
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore.
network
low complexity
pimcore CWE-79
5.4
5.4
2023-08-21 CVE-2023-4453 Cross-site Scripting vulnerability in Pimcore
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
network
low complexity
pimcore CWE-79
5.4
5.4