40 matches found
CVE-2023-1517
Cross-site Scripting XSS - DOM in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-1429
Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-1312
Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-1286
Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-1578
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore
A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...
Pimcore 跨站脚本漏洞
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exist...
PT-2023-18905 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore version 10.5.19 Description: A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules, specifically in the From and To fields of the Date Range section. This allows an attacker to inject...
Pimcore vulnerable to improper quoting of filters in Custom Reports
Impact Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...
Cross site request forgery (csrf)
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...
CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method no CSRF protection, an attacker can inject an arbitrary query by...
GHSA-42C3-WVWW-GCQJ Pimcore Remote Code Execution vulnerability in Search function
Impact Attacker can get full DB and maybe RCE knowing the WEBROOT path Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds Apply patch...
Pimcore Remote Code Execution vulnerability in Search function
Impact Attacker can get full DB and maybe RCE knowing the WEBROOT path Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds Apply patch...
CVE-2023-1578 SQL Injection in pimcore/pimcore
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
Impact Unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.19 or apply this...
CVE-2023-1517
Cross-site Scripting XSS - DOM in GitHub repository pimcore/pimcore prior to 10.5.19...
CVE-2023-1517 Cross-site Scripting (XSS) - DOM in pimcore/pimcore
Cross-site Scripting XSS - DOM in GitHub repository pimcore/pimcore prior to 10.5.19...
Pimcore 跨站脚本漏洞
Pimcore is Austria's Pimcore company's set of open source for the creation and management of Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerabilit...