Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pimcore vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-49076
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0251
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.2.10.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0256
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore Pimcore
8.8
CVSSv3
CVE-2022-0258
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0260
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore before 10.2.7.
Pimcore Pimcore
6.1
CVSSv3
CVE-2022-0262
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore before 10.2.7.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0285
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore before 10.2.9.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0348
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore before 10.2.
Pimcore Pimcore
5.4
CVSSv3
CVE-2022-0510
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore before 10.3.1.
Pimcore Pimcore
6.4
CVSSv3
CVE-2022-0565
Cross-site Scripting in Packagist pimcore/pimcore before 10.3.1.
Pimcore Pimcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »