Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2614
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-49076
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
Pimcore Pimcore
6.5
CVSSv2
CVE-2020-7759
The package pimcore/pimcore from 6.7.2 and prior to 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the follo...
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0256
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
4.3
CVSSv2
CVE-2022-0262
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore before 10.2.7.
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0285
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore before 10.2.9.
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0510
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore before 10.3.1.
Pimcore Pimcore
5.5
CVSSv2
CVE-2022-0665
Path Traversal in GitHub repository pimcore/pimcore before 10.3.2.
Pimcore Pimcore
3.5
CVSSv2
CVE-2022-0893
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.4.0.
Pimcore Pimcore
NA
CVE-2023-30850
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
Pimcore Pimcore
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »