
8 matches found

OSV
added 2024/09/04 3:42 p.m. | 2 views

DRUPAL-CONTRIB-2024-036

This module enables field collections to be displayed as tables. It supports display suite and field permissions and provides operations modify, delete, duplicate. This module has multiple vulnerabilities due to the requirements on the routes it provides not being restrictive enough. Information...

CVSS 6.3 | AI score 6.8 | EPSS 0.00124
Exploits: 0 | References: 1
Github Security Blog
added 2022/05/14 2:2 a.m. | 16 views

Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 5.4 | AI score 6.3 | EPSS 0.00006
Exploits: 5 | References: 6 | Affected Software: 1
OSV
added 2022/05/14 2:2 a.m. | 15 views

GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 5.4 | AI score 5.5 | EPSS 0.00006
Exploits: 5 | References: 5
Veracode
added 2022/03/17 11:3 a.m. | 19 views

Cross-site Scripting (XSS)

pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the input in Field-Collections and Objectbricks in Data Objects...

CVSS 5.4 | AI score 1.7 | EPSS 0.00017
Exploits: 1 | References: 3 | Affected Software: 1
Huntr
added 2022/03/09 10:44 a.m. | 25 views

Cross-site Scripting (XSS) - Stored

Description: pimcore datahub is vulnerable to Stored XSS in multiple places including: 1. Field-Collections in Data Objects 2. Objectbricks in Data Objects. Proof of Concept for both 1 & 2: Step 1: Go to https://10.x-dev.pimcore.fun/admin/ and login. Step 2: Click Settings Data Objects Field-Collectio...

CVSS 3.5 | AI score 5.5 | EPSS 0.00017
Exploits: 1
Huntr
added 2022/01/21 8:59 a.m. | 14 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description: Reflected cross site scripting vulnerability in pimcore/pimcore, it is in group field in Field collections and objectbricks in settings module. Proof of Concept: 1. Login to demo account 2. Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

CVSS 3.5 | AI score 0.9 | EPSS 0.00041
Exploits: 1
Prion
added 2018/08/24 10:29 p.m. | 17 views

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 3.5 | AI score 5.5 | EPSS 0.00006
Exploits: 5 | References: 4 | Affected Software: 1
OSV
added 2018/08/24 10:29 p.m. | 18 views

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 4