Security Advisories - pimcore/pimcore

pimcore/pimcore Security Advisories for v6.6.4 (99)

[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

PKSA-d1ts-d4yt-xjz4 CVE-2023-47637 GHSA-72hh-xf79-429p

Affected version: <11.1.1

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-17vx-xhyz-z3x1 CVE-2023-5873 GHSA-j59v-hh4p-q92m

Affected version: <11.1.0

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields

PKSA-n2v6-wct3-ryy4 CVE-2023-4453 GHSA-599v-h3q5-g6r9

Affected version: <10.6.8

Reported by:
GitHub
[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

PKSA-bzdr-jc9b-wgm7 CVE-2023-38708 GHSA-34hj-v8fm-x887

Affected version: <10.6.7

Reported by:
GitHub
[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

PKSA-zcbs-r3vd-wc4x CVE-2023-3819 GHSA-r87r-982q-2c3q

Affected version: <10.6.4

Reported by:
GitHub
[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting

PKSA-94sk-6xwr-7jwh CVE-2023-3820 GHSA-c9hw-557q-f8hq

Affected version: <10.6.4

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-34th-33mz-qfsz CVE-2023-3821 GHSA-78q2-cv3p-x9fm

Affected version: <10.6.4

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-7hbf-r4fz-nphq CVE-2023-3822 GHSA-vmpv-qjhq-r463

Affected version: <10.6.4

Reported by:
GitHub
[HIGH] Pimcore SQL Injection vulnerability

PKSA-mw5k-yyn7-hrf6 CVE-2023-3673 GHSA-rxp5-qwrf-pfv3

Affected version: <10.5.24

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter

PKSA-8fvd-j3bc-qkkk CVE-2023-2984 GHSA-46g3-f9r8-xj4v

Affected version: <10.5.22

Reported by:
GitHub
[MEDIUM] Pimcore Privilege Defined With Unsafe Actions vulnerability

PKSA-kbnn-hkhm-4ct8 CVE-2023-2983 GHSA-m4mv-rmr7-h5f5

Affected version: <10.5.23

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting vulnerability

PKSA-3s6g-hzcv-vztb CVE-2023-2730 GHSA-q3p4-v2cm-q945

Affected version: <10.3.3

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

PKSA-zqtt-s38r-yd8b CVE-2023-2630 GHSA-w766-3572-f2hv

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in Static Routes name field

PKSA-x9n8-8wks-m17p CVE-2023-2616 GHSA-mhpj-7m7h-8p6x

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

PKSA-tn2k-bq3r-cdm6 CVE-2023-2614 GHSA-m6m9-gr85-79vm

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

PKSA-96bd-h4dc-kcnk CVE-2023-2615 GHSA-q7cc-m6jw-m262

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

PKSA-rtj6-fn5b-33p2 CVE-2023-30855 GHSA-g2mc-fqqc-hxg3

Affected version: <10.5.18

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in pimcore

PKSA-z5w4-mn4k-p9wn CVE-2023-2361 GHSA-9xg6-75mh-7x3f

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Arbitrary File Read in Admin JS CSS files

PKSA-1kn9-73cn-8ksf CVE-2023-30852 GHSA-j5c3-r84f-9596

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject columns grid

PKSA-vkvk-mm5n-9h7s CVE-2023-2340 GHSA-g93x-fm2w-5pxw

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject Any Getter grid operator

PKSA-dgmc-qmks-mm1m CVE-2023-2339 GHSA-6fvf-x8c6-2f6j

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Path Traversal in Asset "import from server" option

PKSA-4r6x-m9j8-tc15 CVE-2023-2336 GHSA-hg77-vx9v-f49x

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

PKSA-mbmv-x1g3-wp1c CVE-2023-2332 GHSA-r7mm-jx6h-hv7m

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

PKSA-cjgq-drnp-2f5d CVE-2023-2328 GHSA-2295-vh28-pphc

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

PKSA-pjs7-8z46-p5z8 CVE-2023-2327 GHSA-x9xj-pqmv-8jf7

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

PKSA-m2x5-f88k-t2td CVE-2023-2323 GHSA-cjv6-w5hf-5wr6

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Document Properties Parameter

PKSA-sbm6-tdp9-6yss CVE-2023-2322 GHSA-476g-v7hf-cw5m

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in AssetController

PKSA-29ns-8jwy-kcfy CVE-2023-2338 GHSA-4x35-vr82-xvj6

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Website Settings name field

PKSA-fzvx-5txs-xnd4 CVE-2023-2342 GHSA-2c67-p4xh-m34w

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Admin Login too many attempts notice

PKSA-5mw2-sycb-gzd4 CVE-2023-2341 GHSA-fq95-rx4q-qgg2

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in DataObject Classification Store

PKSA-3h2p-y23h-bnzt CVE-2023-2343 GHSA-9q7q-r54q-3f3g

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Admin Translations API

PKSA-vzkn-79x7-sqky CVE-2023-30850 GHSA-jwg4-qcgv-5wg6

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Translation Export API

PKSA-v5rb-k8g3-wp15 CVE-2023-30849 GHSA-xmg8-w465-mr56

Affected version: <10.5.21

Reported by:
GitHub
[HIGH] SQL Injection in Admin Search Find API

PKSA-4ccc-f4k5-6nby CVE-2023-30848 GHSA-6mhm-gcpf-5gr8

Affected version: <10.5.21

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting in Composite indices key field

PKSA-nsyp-jtzb-hg4f CVE-2023-1703 GHSA-3r5c-h7g6-cqw7

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

PKSA-8rkt-jjdk-9nf8 CVE-2023-1701 GHSA-6mmf-qm37-pmgg

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

PKSA-xzkb-6y9q-v9p6 CVE-2023-1702 GHSA-69fc-v223-6rjw

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting in translate module

PKSA-tm8v-3b62-5sby CVE-2023-1704 GHSA-rp78-4562-gx3c

Affected version: <10.5.20

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to improper quoting of filters in Custom Reports

PKSA-18pg-vpc7-hjqb CVE-2023-28438 GHSA-vf7q-g2pv-jxvx

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Pimcore Remote Code Execution vulnerability in Search function

PKSA-tdb4-sr2j-7vvc CVE-2023-1578 GHSA-42c3-wvww-gcqj

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field

PKSA-x1x6-mxqf-n565 CVE-2023-28429 GHSA-rcg9-hrhx-6q69

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects

PKSA-nrk9-kzbr-12fr CVE-2023-1515 GHSA-66cm-c7ch-5j8q

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

PKSA-w79w-m777-ccck CVE-2023-1517 GHSA-42x8-2v53-pqmj

Affected version: <10.5.19

Reported by:
GitHub
[HIGH] Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model

PKSA-vp44-vg9k-8yfm CVE-2023-28108 GHSA-xc9p-r5qj-8xm9

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in UrlSlug Data type

PKSA-s3hw-vz26-nb34 CVE-2023-28106 GHSA-x5j3-mq9g-8jc8

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Reflected XSS in Application Logger module

PKSA-qy7d-vcdj-fxdz GHSA-2xpm-cmvw-3jcc

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in Document Types

PKSA-4k21-2ncj-8d85 CVE-2023-1429 GHSA-3223-w774-99fq

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) - stored in Print Documents

PKSA-5t4m-2175-r6wt GHSA-rrwm-8wqm-gwgv

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting

PKSA-xhx7-6nd7-s13z CVE-2023-1312 GHSA-gh4g-65f6-84g5

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Cross-site Scripting (XSS) in pimcore/pimcore

PKSA-3k7j-rqp9-xrnx CVE-2023-1286 GHSA-8jv7-vwrc-mv4g

Affected version: <10.5.19

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Email Blacklist

PKSA-4qnj-zwmp-rmq4 CVE-2023-1116 GHSA-96hp-38wx-j3wc

Affected version: <10.5.18

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config

PKSA-rspc-8wxq-255d CVE-2023-1117 GHSA-qxcw-rf4v-hp26

Affected version: <10.5.18

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Documents Link Editable

PKSA-jkk6-bwq8-nxc9 CVE-2023-1115 GHSA-97cp-8873-v2gf

Affected version: <10.5.18

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to Cross-site Scripting

PKSA-ks2w-xyk9-r1h7 CVE-2023-1067 GHSA-f2jh-mf2c-8278

Affected version: <=10.5.17

Reported by:
GitHub
[MEDIUM] Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

PKSA-mzq4-hn8p-tv47 GHSA-76r7-h46w-463r

Affected version: <10.5.17

Reported by:
GitHub
[HIGH] SameSite Attribute vulnerability in pimCore

PKSA-94yk-czxg-b999 CVE-2023-25240 GHSA-r2vq-p658-p274

Affected version: <10.5.16

Reported by:
GitHub
[MEDIUM] Pimcore contains Unrestricted Upload of File with Dangerous Type

PKSA-2q94-xt73-54rz CVE-2023-23937 GHSA-8xv4-jj4h-qww6

Affected version: <10.5.16

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to cross-site scripting via "title field " in data objects

PKSA-6zf7-xr74-rbwf CVE-2023-0323 GHSA-6vf6-g3pr-j83h

Affected version: <10.5.14

Reported by:
GitHub
[CRITICAL] RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

PKSA-pfws-zmn8-fh1s CVE-2022-39365 GHSA-5qxq-vgmm-q39m

Affected version: <10.5.9

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to cross site scripting

PKSA-8m88-5gr1-22gs CVE-2022-3255 GHSA-wqr6-57qm-hhr5

Affected version: <=10.5.6

Reported by:
GitHub
[MEDIUM] Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users

PKSA-2dcq-5wbt-jfkv CVE-2022-3211 GHSA-4849-x3jx-45qr

Affected version: <10.5.6

Reported by:
GitHub
[MEDIUM] Pimcore Cross-site Scripting (XSS)

PKSA-1px6-dv81-jcf7 CVE-2022-2796 GHSA-pr4f-4pcx-2r3h

Affected version: <10.5.4

Reported by:
GitHub
[HIGH] Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore

PKSA-dz2g-qh7p-4qx2 CVE-2022-31092 GHSA-gvmf-wcx6-p974

Affected version: <10.4.4

Reported by:
GitHub
[HIGH] SQL Injection found in Pimcore

PKSA-xccb-vn88-ds9h CVE-2022-1429 GHSA-2v7p-f4qm-r5pc

Affected version: <10.3.6

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-rx94-r9sb-bfgm CVE-2022-1351 GHSA-xcr3-4qvr-54rh

Affected version: <10.4

Reported by:
GitHub
[HIGH] SQL Injection in Pimcore

PKSA-ngs9-xgbn-47bj CVE-2022-1339 GHSA-mj2c-5mjv-gmmj

Affected version: <10.3.5

Reported by:
GitHub
[HIGH] SQL Injection in Pimcore

PKSA-m6dr-z2f9-11qn CVE-2022-1219 GHSA-6gm7-j668-w6h9

Affected version: <10.3.5

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-by1x-vjq9-tqn5 CVE-2022-0704 GHSA-pc32-x737-74cv

Affected version: <=10.3.3

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-nw5g-9nvs-2g16 CVE-2022-0911 GHSA-j29f-m23h-3p8p

Affected version: <=10.3.3

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-s2pd-5x71-466g CVE-2022-0705 GHSA-xmq3-hgjx-6997

Affected version: <=10.3.3

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-pv4g-593k-5k42 CVE-2022-0894 GHSA-22hc-47cc-7x6f

Affected version: <10.4.0

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-m6b7-1spy-5tw9 CVE-2022-0893 GHSA-g795-4hxx-qqwm

Affected version: <10.4.0

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-8zfx-vkq8-z929 CVE-2022-0831 GHSA-q67f-3jq4-mww2

Affected version: <=10.3.2

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-13qm-5zq3-bcnt CVE-2022-0832 GHSA-6qcc-whgp-pjj2

Affected version: <=10.3.2

Reported by:
GitHub
[MEDIUM] Path traversal in pimcore

PKSA-jvsf-kb4b-2pwb CVE-2022-0665 GHSA-gjq4-69wj-p6pr

Affected version: <10.3.2

Reported by:
GitHub
[HIGH] Exposure of Sensitive Information to an Unauthorized Actor in pimcore

PKSA-7prq-96rv-5y6n CVE-2022-0565 GHSA-h9vc-2p9g-63gp

Affected version: <10.3.1

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-yg45-rwgr-gzgw CVE-2022-0509 GHSA-cg3h-rc9q-g8v9

Affected version: <10.3.1

Reported by:
GitHub
[MEDIUM] Cross-site Scripting pimcore

PKSA-66bd-gnbx-ng68 CVE-2022-0510 GHSA-mxh3-2699-98g9

Affected version: <=10.3.0

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-tjdd-pjrs-gxk8 CVE-2022-0348 GHSA-8x44-pwr2-rgc6

Affected version: <=10.2.9

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in Pimcore

PKSA-tch6-fyz8-1rhz CVE-2022-0251 GHSA-f7q6-xxph-mfm8

Affected version: <10.2.10

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-124z-v4pc-jx88 CVE-2022-0260 GHSA-455w-gv5p-wgg3

Affected version: <10.2.9

Reported by:
GitHub
[MEDIUM] Business Logic Errors in pimcore

PKSA-vqmw-jbcz-xzf9 CVE-2021-4146 GHSA-54hw-mhgh-x4vc

Affected version: <10.2.9

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to Cross-site Scripting

PKSA-p4wb-89sv-5pf8 CVE-2022-0257 GHSA-v567-q267-phpg

Affected version: <10.2.9

Reported by:
GitHub
[HIGH] pimcore is vulnerable to SQL Injection

PKSA-3stx-hz47-583n CVE-2022-0258 GHSA-vj9x-w7ch-f46p

Affected version: <10.2.9

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to Cross-site Scripting

PKSA-92z9-4g2d-ssh2 CVE-2022-0256 GHSA-57hg-26h7-9qgv

Affected version: <10.2.9

Reported by:
GitHub
[HIGH] Unrestricted Upload of File with Dangerous Type in pimcore

PKSA-8cjp-krht-tdqr CVE-2022-0263 GHSA-c697-r227-pq6h

Affected version: <10.2.7

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-9mwb-hcgz-dvk6 CVE-2022-0262 GHSA-4f5x-q4jc-xfcf

Affected version: <10.2.7

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-p422-hgcb-xsnd CVE-2022-0285 GHSA-pm3v-qxf6-fgxv

Affected version: <10.2.9

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-yc8v-hyvd-4b29 CVE-2021-4139 GHSA-8xx9-rxrj-2m2w

Affected version: <10.2.7

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in pimcore

PKSA-7cgx-vsx9-ycrj CVE-2021-4084 GHSA-8w3x-r6x7-c5r5

Affected version: <10.2.6

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-dq19-7bpm-828y CVE-2021-4082 GHSA-2v2v-fx7r-f2fh

Affected version: <10.2.6

Reported by:
GitHub
[MEDIUM] pimcore is vulnerable to Cross-site Scripting

PKSA-6md7-pdwp-mmsf CVE-2021-4081 GHSA-3p85-p4qg-hcrp

Affected version: <10.2.6

Reported by:
GitHub
[MEDIUM] Observable Response Discrepancy in Lost Password Service

PKSA-mf7d-5516-2z87 CVE-2021-39189 GHSA-579x-cjvr-cqj9

Affected version: <10.1.3

Reported by:
GitHub
[HIGH] Improper Neutralization of Text-Values in Object Version Preview

PKSA-krb6-f9wg-msdj CVE-2021-39166 GHSA-w6j8-jc36-x5q9

Affected version: <10.1.1

Reported by:
GitHub
[HIGH] Improper Encoding or Escaping of Output in Asset Metadata Component

PKSA-26hh-frk7-jf8r CVE-2021-39170 GHSA-2v88-qq7x-xq5f

Affected version: <10.1.1

Reported by:
GitHub
[MEDIUM] Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

PKSA-xhvq-53bm-3tfv CVE-2021-37702 GHSA-pp2h-95hm-hv9r

Affected version: <10.1.1

Reported by:
GitHub
[MEDIUM] CKEditor 4 vulnerabilities in versions <4.16.1

PKSA-vqn9-dv55-dndh GHSA-cfcv-q4qq-2ph4

Affected version: <10.1.1

Reported by:
GitHub
[HIGH] SQL injection in pimcore/pimcore

PKSA-7ck3-nb5p-7jxx CVE-2021-23405 GHSA-g8jx-66p8-vcm2

Affected version: <10.0.7

Reported by:
GitHub
[HIGH] Path traversal in pimcore/pimcore

PKSA-gz5z-mhqp-tgk9 CVE-2021-23340 GHSA-h7f9-cvh5-qw7f

Affected version: <6.8.8

Reported by:
GitHub

pimcore/pimcore Security Advisories for v6.6.4 (99)

[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields

[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction

[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[HIGH] Pimcore SQL Injection vulnerability

[MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter

[MEDIUM] Pimcore Privilege Defined With Unsafe Actions vulnerability

[MEDIUM] Pimcore Cross-site Scripting vulnerability

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Static Routes name field

[MEDIUM] Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

[MEDIUM] Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

[MEDIUM] Cross-site Scripting (XSS) in pimcore

[MEDIUM] Arbitrary File Read in Admin JS CSS files

[MEDIUM] Cross-site Scripting (XSS) in DataObject columns grid

[MEDIUM] Cross-site Scripting (XSS) in DataObject Any Getter grid operator

[MEDIUM] Path Traversal in Asset "import from server" option

[MEDIUM] Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

[MEDIUM] Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

[MEDIUM] Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

[MEDIUM] Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

[MEDIUM] Cross-site Scripting (XSS) in Document Properties Parameter

[HIGH] SQL Injection in AssetController

[MEDIUM] Cross-site Scripting (XSS) in Website Settings name field

[MEDIUM] Cross-site Scripting (XSS) in Admin Login too many attempts notice

[MEDIUM] Cross-site Scripting (XSS) in DataObject Classification Store

[HIGH] SQL Injection in Admin Translations API

[HIGH] SQL Injection in Translation Export API

[HIGH] SQL Injection in Admin Search Find API

[MEDIUM] pimcore is vulnerable to cross-site scripting in Composite indices key field

[MEDIUM] Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

[MEDIUM] Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

[MEDIUM] pimcore is vulnerable to cross-site scripting in translate module

[MEDIUM] Pimcore vulnerable to improper quoting of filters in Custom Reports

[MEDIUM] Pimcore Remote Code Execution vulnerability in Search function

[MEDIUM] Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field

[MEDIUM] Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects

[MEDIUM] Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

[HIGH] Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model

[MEDIUM] Cross-site Scripting (XSS) in UrlSlug Data type

[MEDIUM] Reflected XSS in Application Logger module

[MEDIUM] Cross-site Scripting (XSS) in Document Types

[MEDIUM] Cross-site Scripting (XSS) - stored in Print Documents

[MEDIUM] pimcore is vulnerable to cross-site scripting

[MEDIUM] Cross-site Scripting (XSS) in pimcore/pimcore

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Email Blacklist

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Documents Link Editable

[MEDIUM] Pimcore vulnerable to Cross-site Scripting

[MEDIUM] Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

[HIGH] SameSite Attribute vulnerability in pimCore

[MEDIUM] Pimcore contains Unrestricted Upload of File with Dangerous Type

[MEDIUM] pimcore is vulnerable to cross-site scripting via "title field " in data objects

[CRITICAL] RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

[MEDIUM] Pimcore vulnerable to cross site scripting

[MEDIUM] Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users

[MEDIUM] Pimcore Cross-site Scripting (XSS)

[HIGH] Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore

[HIGH] SQL Injection found in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[HIGH] SQL Injection in Pimcore

[HIGH] SQL Injection in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Cross-site Scripting in Pimcore

[MEDIUM] Path traversal in pimcore

[HIGH] Exposure of Sensitive Information to an Unauthorized Actor in pimcore

[MEDIUM] Cross-site Scripting in pimcore

[MEDIUM] Cross-site Scripting pimcore

[MEDIUM] Cross-site Scripting in pimcore