8 matches found

Cvelist
added 2025/08/22 4:14 p.m. · 8 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

5.5 CVSS · 0.0051 EPSS
Exploits 1 · References 2

OSV
added 2025/08/22 4:14 p.m. · 3 views

CVE-2025-55745 UnoPim Quick Export feature is vulnerable to CSV injection

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

5.5 CVSS · 7.6 AI score · 0.0051 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/08/22 12:0 a.m. · 4 views

PT-2025-34444 · Microsoft +1 · Office Excel +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.3.1. Description: UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are susceptible to CSV injection, also known as formula injection, in the...

5.5 CVSS · 7.3 AI score · 0.0051 EPSS
Exploits 1 · References 10

Github Security Blog
added 2025/08/21 2:26 p.m. · 7 views

UnoPim vulnerable to remote code execution through Arbitrary File upload

Summary: Affected Functionality: Image upload at User creation. Endpoint: /admin/settings/users/create. Details: The image upload at the user creation feature performs only client-side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy lik...

8.8 CVSS · 6 AI score · 0.0014 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34235 · Unopim +1 · Unopim +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.2.1. Description: UnoPim, an open-source Product Information Management (PIM) system built on the Laravel framework, contains a stored cross-site scripting vulnerability. The vulnerability is due to an SVG MIME/sanitiz...

8 CVSS · 6 AI score · 0.00072 EPSS
Exploits 1 · References 12

RedhatCVE
added 2025/05/23 10:47 a.m. · 7 views

CVE-2024-52305

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an...

6.5 CVSS · 6.6 AI score · 0.00138 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 8:33 a.m. · 7 views

CVE-2024-50637

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...

5.4 CVSS · 5.2 AI score · 0.00591 EPSS
Exploits 1 · References 1

Veracode
added 2024/11/22 8:3 a.m. · 12 views

Cross-Site Scripting (XSS)

unopim/unopim is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...

5.4 CVSS · 6.2 AI score · 0.00591 EPSS
Exploits 1 · References 5 · Affected Software 1