44 matches found

Github Security Blog
added 2023/04/27 7:37 p.m., 23 views

Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply these patches manually...

CVSS 5.4, AI score 5.7, EPSS 0.00017
Exploits 1, References 5, Affected Software 1
OSV
added 2023/04/27 7:37 p.m., 16 views

GHSA-X9XJ-PQMV-8JF7 Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...

CVSS 4, AI score 4.8, EPSS 0.00017
Exploits 1, References 5
Github Security Blog
added 2023/04/27 5:15 p.m., 20 views

SQL Injection in AssetController

Impact: SQL injection in AssetController due to unsanitized string concatenation in the WHERE clause. An attacker can dump the database, alter data or perform DoS on the backend database. Patches: Update to version 10.5.21 or apply this patch manually...

CVSS 8.8, AI score 6.6, EPSS 0.00063
Exploits 1, References 5, Affected Software 1
Prion
added 2023/04/27 5:15 p.m., 14 views

Path traversal

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the /admin/misc/script-proxy API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the scriptPath and scripts parameters. The...

CVSS 3.3, AI score 4.8, EPSS 0.0001
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2023/04/27 5:12 p.m., 19 views

Cross-site Scripting (XSS) in Admin Login too many attempts notice

Impact: Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user. Furthermore, JavaScript...

CVSS 7.3, AI score 5.9, EPSS 0.00017
Exploits 1, References 5, Affected Software 1
OSV
added 2023/04/27 5:11 p.m., 19 views

GHSA-9Q7Q-R54Q-3F3G Cross-site Scripting (XSS) in DataObject Classification Store

Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...

CVSS 5.4, AI score 5.3, EPSS 0.00009
Exploits 1, References 5
Github Security Blog
added 2023/04/27 5:11 p.m., 23 views

SQL Injection in Admin Translations API

Impact: SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

CVSS 8.8, AI score 9, EPSS 0.00064
Exploits 0, References 6, Affected Software 1
Cvelist
added 2023/04/27 4:13 p.m., 18 views

CVE-2023-30850 Pimcore SQL Injection Vulnerability in Admin Translations API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8, AI score 9.3, EPSS 0.00064
Exploits 0, References 3
Vulnrichment
added 2023/04/27 4:13 p.m., 7 views

CVE-2023-30850 Pimcore SQL Injection Vulnerability in Admin Translations API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8, AI score 9, EPSS 0.00064
Exploits 0, References 3
Cvelist
added 2023/04/27 3:58 p.m., 15 views

CVE-2023-30849 Pimcore vulnerable to SQL Injection in Translation Export API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8, AI score 9.2, EPSS 0.00064
Exploits 0, References 3
OSV
added 2023/04/27 3:58 p.m., 10 views

CVE-2023-30849 Pimcore vulnerable to SQL Injection in Translation Export API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8, AI score 8.9, EPSS 0.00064
Exploits 0, References 5
Cvelist
added 2023/04/27 3:3 p.m., 12 views

CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...

CVSS 8.8, AI score 9.3, EPSS 0.00011
Exploits 0, References 3
NVD
added 2023/04/27 2:15 p.m., 13 views

CVE-2023-2343

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 5.4, AI score 5.1, EPSS 0.00009
Exploits 1, References 2
NVD
added 2023/04/27 10:15 a.m., 11 views

CVE-2023-2328

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 5.4, AI score 5.1, EPSS 0.00017
Exploits 1, References 2
NVD
added 2023/04/27 10:15 a.m., 12 views

CVE-2023-2327

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 5.4, AI score 4.5, EPSS 0.00017
Exploits 1, References 2
Vulnrichment
added 2023/04/27 12:0 a.m., 8 views

CVE-2023-2328 Cross-site Scripting (XSS) - Generic in pimcore/pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 5.2, AI score 5.1, EPSS 0.00017
Exploits 1, References 2
CNNVD
added 2023/04/27 12:0 a.m., 0 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...

CVSS 5.4, AI score 4.8, EPSS 0.00017
Exploits 1, References 3
Vulnrichment
added 2023/04/27 12:0 a.m., 6 views

CVE-2023-2327 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 4, AI score 4.7, EPSS 0.00017
Exploits 1, References 2
Vulnrichment
added 2023/04/27 12:0 a.m., 6 views

CVE-2023-2322 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 5.2, AI score 5.1, EPSS 0.00012
Exploits 1, References 2
Vulnrichment
added 2023/04/27 12:0 a.m., 6 views

CVE-2023-2323 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21...

CVSS 6.8, AI score 5.4, EPSS 0.00007
Exploits 1, References 2