Lucene search
GoogleOSV:GHSA-276R-24XQ-HWG8HistoryMay 14, 2022 - 2:02 a.m.
Pimcore XSS Vulnerability
2022-05-1402:02:38
Google
osv.dev
3
pimcore
xss
users
assets
data objects
video thumbnails
image thumbnails
field-collections
objectbrick
classification store
document types
predefined properties
predefined asset metadata
quantity value
static routes
EPSS
0.003
Percentile
68.4%
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
References
packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html
seclists.org/fulldisclosure/2018/Aug/13
nvd.nist.gov/vuln/detail/CVE-2018-14059
www.exploit-db.com/exploits/45208
www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software
Related
prion
prion
Design/Logic Flaw
2018-08-24 22:29:00
veracode
veracode
Cross-site Scripting (XSS)
2018-08-17 06:40:14
osv
osv
CVE-2018-14059
2018-08-24 22:29:00
nvd
nvd
CVE-2018-14059
2018-08-24 22:29:00
cve
cve
CVE-2018-14059
2018-08-24 22:29:00
cvelist
cvelist
CVE-2018-14059
2018-08-24 22:00:00
github
github
Pimcore XSS Vulnerability
2022-05-14 02:02:38
packetstorm
packetstorm
Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
2018-08-16 00:00:00
zdt
zdt
exploitpack
exploitpack
exploitdb
exploitdb