Vulnerabilities > Pimcore > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-4084 Cross-site Scripting vulnerability in Pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
pimcore CWE-79
4.3
4.3
2021-12-10 CVE-2021-4081 Cross-site Scripting vulnerability in Pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
pimcore CWE-79
4.3
4.3
2021-12-10 CVE-2021-4082 Cross-Site Request Forgery (CSRF) vulnerability in Pimcore
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
network
pimcore CWE-352
4.3
4.3
2021-09-15 CVE-2021-39189 Information Exposure Through Discrepancy vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore CWE-203
5.0
5.0
2021-08-18 CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore CWE-1236
6.5
6.5
2021-08-04 CVE-2021-31867 SQL Injection vulnerability in Pimcore Customer Management Framework
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application.
network
low complexity
pimcore CWE-89
5.0
5.0
2021-08-04 CVE-2021-31869 SQL Injection vulnerability in Pimcore Adminbundle
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application.
network
low complexity
pimcore CWE-89
5.0
5.0
2021-07-09 CVE-2021-23405 SQL Injection vulnerability in Pimcore
This affects the package pimcore/pimcore before 10.0.7.
network
low complexity
pimcore CWE-89
6.5
6.5
2021-02-18 CVE-2021-23340 Path Traversal vulnerability in Pimcore
This affects the package pimcore/pimcore before 6.8.8.
network
low complexity
pimcore CWE-22
5.5
5.5
2020-12-03 CVE-2020-26246 Improper Preservation of Permissions vulnerability in Pimcore
Pimcore is an open source digital experience platform.
network
low complexity
pimcore CWE-281
4.0
4.0