7 matches found

Huntr
added 2023/03/26 6:18 a.m. | 13 views

XSS in Quantity Value of Data Objects module in Settings

Description: pimcore is vulnerable to XSS at Abbreviation and Longname fields in Quantity Value of Data Objects module in Settings. Payload " Proof of Concept: 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Data Objects - Quantity Value. 3. In the...

4.9 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits: 1
OSV
added 2022/05/14 2:2 a.m. | 15 views

GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4 CVSS | 5.5 AI score | 0.00006 EPSS
Exploits: 5 | References: 5
Github Security Blog
added 2022/05/14 2:2 a.m. | 16 views

Pimcore XSS Vulnerability

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4 CVSS | 6.3 AI score | 0.00006 EPSS
Exploits: 5 | References: 6 | Affected Software: 1
Veracode
added 2022/03/17 10:53 a.m. | 19 views

Cross-site Scripting (XSS)

pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the input of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the pimcore service...

5.4 CVSS | 2.3 AI score | 0.0001 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Huntr
added 2022/02/07 1:16 p.m. | 43 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description: The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...

3.5 CVSS | 0.5 AI score | 0.0001 EPSS
Exploits: 1
Prion
added 2018/08/24 10:29 p.m. | 18 views

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

3.5 CVSS | 5.5 AI score | 0.00006 EPSS
Exploits: 5 | References: 4 | Affected Software: 1
OSV
added 2018/08/24 10:29 p.m. | 18 views

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

5.4 CVSS | 5.7 AI score
Exploits: 0 | References: 4