Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2021-4081
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
383
VMScore
CVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
NA
CVE-2023-4453
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore before 10.6.8.
Pimcore Pimcore
356
VMScore
CVE-2021-4146
Business Logic Errors in GitHub repository pimcore/pimcore before 10.2.6.
Pimcore Pimcore
312
VMScore
CVE-2021-39170
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch ma...
Pimcore Pimcore
445
VMScore
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions before 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
Pimcore Pimcore
NA
CVE-2023-30849
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
Pimcore Pimcore
668
VMScore
CVE-2019-18981
Pimcore prior to 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
Pimcore Pimcore
445
VMScore
CVE-2019-18985
Pimcore prior to 6.2.2 lacks brute force protection for the 2FA token.
Pimcore Pimcore
445
VMScore
CVE-2019-18986
Pimcore prior to 6.2.2 allow malicious users to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
Pimcore Pimcore
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »