Vulnerabilities > Pimcore > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-10 CVE-2021-4084 Unspecified vulnerability in Pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
pimcore
6.1
6.1
2021-12-10 CVE-2021-4081 Unspecified vulnerability in Pimcore
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
pimcore
6.1
6.1
2021-12-10 CVE-2021-4082 Unspecified vulnerability in Pimcore
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
pimcore
4.3
4.3
2021-09-01 CVE-2021-39166 Unspecified vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore
5.4
5.4
2021-09-01 CVE-2021-39170 Cross-site Scripting vulnerability in Pimcore
Pimcore is an open source data & experience management platform.
network
low complexity
pimcore CWE-79
5.4
5.4
2020-12-03 CVE-2020-26246 Improper Preservation of Permissions vulnerability in Pimcore
Pimcore is an open source digital experience platform.
network
low complexity
pimcore CWE-281
6.5
6.5
2019-11-18 CVE-2019-10763 SQL Injection vulnerability in Pimcore
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection.
network
low complexity
pimcore CWE-89
6.5
6.5
2019-11-15 CVE-2019-18982 Cross-site Scripting vulnerability in Pimcore
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
network
low complexity
pimcore CWE-79
6.1
6.1
2019-10-31 CVE-2019-18656 Cross-site Scripting vulnerability in Pimcore 6.2.3
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
network
low complexity
pimcore CWE-79
6.1
6.1
2018-08-24 CVE-2018-14059 Cross-site Scripting vulnerability in Pimcore
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
network
low complexity
pimcore CWE-79
5.4
5.4