
19 matches found

RedhatCVE
added 2025/05/23 3:17 a.m. · 1 view

CVE-2023-2341

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

7.3 CVSS · 6.1 AI score · 0.00017 EPSS
Exploits 1 · References 1

OSV
added 2025/03/11 3:35 p.m. · 5 views

CVE-2025-27617 Pimcore Vulnerable to SQL Injection in getRelationFilterCondition

Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue...

8.7 CVSS · 7.1 AI score · 0.00544 EPSS
Exploits 0 · References 6

RedhatCVE
added 2025/02/05 10:58 p.m. · 7 views

CVE-2022-1339

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data...

8.8 CVSS · 7.6 AI score · 0.00049 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 10:56 p.m. · 5 views

CVE-2022-1429

SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data...

7.5 CVSS · 7.6 AI score · 0.00232 EPSS
Exploits 1 · References 1

OSV
added 2025/01/28 3:31 p.m. · 8 views

GHSA-8M8M-98C9-VW7Q Duplicate Advisory: pimcore/customer-data-framework vulnerable to SQL Injection: Hibernate

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-q53r-9hh9-w277. This link is maintained to preserve external references.
Original Description: A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0...

5.1 CVSS · 5.1 AI score · 0.00008 EPSS
Exploits 2 · References 6

Positive Technologies
added 2023/09/26 12:0 a.m. · 1 view

PT-2023-31900 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/demo versions prior to 10.3.0
Description: The issue concerns excessive data query operations in a large data table. Additionally, introspection is enabled on the demo site demo.pimcore.fun, which allows users to run introspection...

6.5 CVSS · 6 AI score · 0.00012 EPSS
Exploits 1 · References 8

OSV
added 2023/07/21 3:30 p.m. · 14 views

GHSA-VMPV-QJHQ-R463 Pimcore Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4...

6 CVSS · 5.9 AI score · 0.1097 EPSS
Exploits 1 · References 4

OSV
added 2023/05/10 12:0 a.m. · 12 views

CVE-2023-2615 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21...

6.8 CVSS · 6.5 AI score · 0.00011 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/05/10 12:0 a.m. · 1 view

PT-2023-20536 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21
Description: This issue allows for Cross-site Scripting (XSS), which can potentially steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users...

6.8 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits 1 · References 9

Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-18937 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21
Description: This issue is related to Cross-site Scripting (XSS) - DOM, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or...

5.4 CVSS · 5 AI score · 0.00009 EPSS
Exploits 1 · References 9

OSV
added 2023/04/27 12:0 a.m. · 13 views

CVE-2023-2328 Cross-site Scripting (XSS) - Generic in pimcore/pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

5.2 CVSS · 5.5 AI score · 0.00017 EPSS
Exploits 1 · References 4

OSV
added 2023/04/27 12:0 a.m. · 10 views

CVE-2023-2323 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

6.8 CVSS · 6.5 AI score · 0.00007 EPSS
Exploits 1 · References 4

OSV
added 2023/03/10 12:30 p.m. · 17 views

GHSA-GH4G-65F6-84G5 pimcore is vulnerable to cross-site scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19...

4.8 CVSS · 4.8 AI score · 0.00035 EPSS
Exploits 1 · References 4

OSV
added 2023/03/10 12:0 a.m. · 13 views

CVE-2023-1312 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19...

5.2 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/02/14 12:0 a.m. · 1 view

PT-2023-16552 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 1.5.17
Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts. Thi...

6.3 CVSS · 5.6 AI score · 0.00029 EPSS
Exploits 1 · References 8

Github Security Blog
added 2022/02/09 12:0 a.m. · 24 views

Cross-site Scripting pimcore

pimcore version 10.3.0 and prior is vulnerable to cross-site scripting...

5.4 CVSS · 2.5 AI score · 0.00041 EPSS
Exploits 1 · References 4 · Affected Software 1

Github Security Blog
added 2022/01/21 11:50 p.m. · 20 views

pimcore is vulnerable to SQL Injection

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

8.8 CVSS · 3.4 AI score · 0.00032 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2021/12/16 2:27 p.m. · 19 views

GHSA-3P85-P4QG-HCRP pimcore is vulnerable to Cross-site Scripting

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1 CVSS · 6.1 AI score · 0.00014 EPSS
Exploits 1 · References 4

Veracode
added 2019/09/16 1:48 a.m. · 19 views

File-Upload Restrictions Bypass

pimcore/pimcore is vulnerable to file-upload restrictions bypass. The vulnerability exists as it was possible to upload a file with its filename longer than 255 characters to have the .txt removed, bypassing the .txt only restrictions...

8.8 CVSS · 3.6 AI score · 0.00008 EPSS
Exploits 4 · References 1 · Affected Software 1