Vulmon
pimcore vulnerabilities and exploits
NA
CVE-2023-2361
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
6.8
CVSSv2
CVE-2018-14057
Pimcore prior to 5.3.0 allows remote malicious users to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
Pimcore Pimcore
1 EDB exploit
3.5
CVSSv2
CVE-2021-39166
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore versio...
Pimcore Pimcore
NA
CVE-2022-3211
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.6.
Pimcore Pimcore
NA
CVE-2022-3255
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user i...
Pimcore Pimcore
NA
CVE-2023-0323
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.5.14.
Pimcore Pimcore
5
CVSSv2
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions before 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
Pimcore Pimcore
NA
CVE-2022-39365
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code executio...
Pimcore Pimcore
NA
CVE-2023-2336
Path Traversal in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore
NA
CVE-2023-2338
SQL Injection in GitHub repository pimcore/pimcore before 10.5.21.
Pimcore Pimcore