44 matches found
EUVD-2023-1636
Malicious code in bioql PyPI...
CVE-2023-2630
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2615
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2341
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2343
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2338
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2336
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2323
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2328
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2342
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2340
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...
CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...
SUSE-SU-2023:2991-1 Security update for mariadb
This update for mariadb fixes the following issues: This update provides MariaDB 10.5.21. See release notes at https://mariadb.com/kb/en/mariadb-10-5-21-release-notes/ and changelog at https://mariadb.com/kb/en/mariadb-10-5-21-changelog/ . Security issues fixed: - CVE-2022-47015: Fixed a NULL...
CVE-2023-2630 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...
PT-2023-20597 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue allows for the execution of JavaScript code on victim browsers, potentially leading to cookie theft and account takeover. Recommendations: For versions prior to 10.5.21, update ...
CVE-2023-2614 Cross-site Scripting (XSS) - DOM in pimcore/pimcore
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21...
Cross-site Scripting (XSS) in DataObject columns grid
Impact: The attacker is able to steal the user session cookie, which leads to complete account takeover. Patches: Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch Workarounds: Apply patch...
GHSA-G93X-FM2W-5PXW Cross-site Scripting (XSS) in DataObject columns grid
Impact: The attacker is able to steal the user session cookie, which leads to complete account takeover. Patches: Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch Workarounds: Apply patch...
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules
Impact: This vulnerability can be used to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...