6 matches found

Veracode
added 2023/03/14 9:53 a.m. | 25 views

Stored Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to adding a media segment in the videoThumbnailUpdateAction function in SettingsController.php, which allows an attacker to inject and execute JavaScript in the browser when viewing the video...

5.4 CVSS | 5.3 AI score | 0.00008 EPSS
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2022/02/15 6:16 a.m. | 27 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of input sanitization in the file upload in the SettingsController.php file, allowing an attacker to bypass the system using an event handler...

7.6 CVSS | 1.8 AI score | 0.00053 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2022/02/10 7:15 p.m. | 15 views

CVE-2021-45364

A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...

9.8 CVSS | 0.00853 EPSS
Exploits 1 | References 1

OSV
added 2022/02/10 7:15 p.m. | 2 views

CVE-2021-45364

A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...

9.8 CVSS | 7.4 AI score
Exploits 0 | References 1

Prion
added 2022/02/10 7:15 p.m. | 8 views

Remote code execution

DISPUTED: A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product...

7.5 CVSS | 9.6 AI score | 0.00853 EPSS
Exploits 1 | References 1 | Affected Software 1

CVE
added 2022/02/10 6:38 p.m. | 69 views

CVE-2021-45364

CVE-2021-45364 affects Statamic up to version 3.2.26 via SettingsController.php, described as a Code Execution vulnerability. The vendor states there was an error publishing this CVE record and that the affected code was not used in any Statamic product, which is echoed by multiple sources (inclu...

9.8 CVSS | 9.5 AI score | 0.00853 EPSS
Exploits 1 | References 1 | Affected Software 1