Security Advisories - pimcore/pimcore

pimcore/pimcore Security Advisories for v6.6.4 (87)

Pimcore Cross-site Scripting vulnerability

CVE-2023-2730

Affected version: <10.3.3

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

CVE-2023-2630

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in Static Routes name field

CVE-2023-2616

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

CVE-2023-2614

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

CVE-2023-2615

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

CVE-2023-30855

Affected version: <10.5.18

Reported by:
GitHub
Cross-site Scripting (XSS) in pimcore

CVE-2023-2361

Affected version: <10.5.21

Reported by:
GitHub
Arbitrary File Read in Admin JS CSS files

CVE-2023-30852

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject columns grid

CVE-2023-2340

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject Any Getter grid operator

CVE-2023-2339

Affected version: <10.5.21

Reported by:
GitHub
Path Traversal in Asset "import from server" option

CVE-2023-2336

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

CVE-2023-2332

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

CVE-2023-2328

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

CVE-2023-2327

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

CVE-2023-2323

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Document Properties Parameter

CVE-2023-2322

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in AssetController

CVE-2023-2338

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Website Settings name field

CVE-2023-2342

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Admin Login too many attempts notice

CVE-2023-2341

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject Classification Store

CVE-2023-2343

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Admin Translations API

CVE-2023-30850

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Translation Export API

CVE-2023-30849

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Admin Search Find API

CVE-2023-30848

Affected version: <10.5.21

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting in Composite indices key field

CVE-2023-1703

Affected version: <10.5.20

Reported by:
GitHub
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

CVE-2023-1701

Affected version: <10.5.20

Reported by:
GitHub
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

CVE-2023-1702

Affected version: <10.5.20

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting in translate module

CVE-2023-1704

Affected version: <10.5.20

Reported by:
GitHub
Pimcore vulnerable to improper quoting of filters in Custom Reports

CVE-2023-28438

Affected version: <10.5.19

Reported by:
GitHub
Pimcore Remote Code Execution vulnerability in Search function

CVE-2023-1578

Affected version: <10.5.19

Reported by:
GitHub
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field

CVE-2023-28429

Affected version: <10.5.19

Reported by:
GitHub
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects

CVE-2023-1515

Affected version: <10.5.19

Reported by:
GitHub
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

CVE-2023-1517

Affected version: <10.5.19

Reported by:
GitHub
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model

CVE-2023-28108

Affected version: <10.5.19

Reported by:
GitHub
Cross-site Scripting (XSS) in UrlSlug Data type

CVE-2023-28106

Affected version: <10.5.19

Reported by:
GitHub
Reflected XSS in Application Logger module

Affected version: <10.5.19

Reported by:
GitHub
Cross-site Scripting (XSS) in Document Types

CVE-2023-1429

Affected version: <10.5.19

Reported by:
GitHub
Cross-site Scripting (XSS) - stored in Print Documents

Affected version: <10.5.19

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting

CVE-2023-1312

Affected version: <10.5.19

Reported by:
GitHub
Cross-site Scripting (XSS) in pimcore/pimcore

CVE-2023-1286

Affected version: <10.5.19

Reported by:
GitHub
Pimcore vulnerable to Cross Site Scripting in Email Blacklist

CVE-2023-1116

Affected version: <10.5.18

Reported by:
GitHub
Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config

CVE-2023-1117

Affected version: <10.5.18

Reported by:
GitHub
Pimcore vulnerable to Cross Site Scripting in Documents Link Editable

CVE-2023-1115

Affected version: <10.5.18

Reported by:
GitHub
Pimcore vulnerable to Cross-site Scripting

CVE-2023-1067

Affected version: <=10.5.17

Reported by:
GitHub
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

Affected version: <10.5.17

Reported by:
GitHub
SameSite Attribute vulnerability in pimCore

CVE-2023-25240

Affected version: <10.5.16

Reported by:
GitHub
Pimcore contains Unrestricted Upload of File with Dangerous Type

CVE-2023-23937

Affected version: <10.5.16

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting via "title field " in data objects

CVE-2023-0323

Affected version: <10.5.14

Reported by:
GitHub
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout

CVE-2022-39365

Affected version: <10.5.9

Reported by:
GitHub
Pimcore vulnerable to cross site scripting

CVE-2022-3255

Affected version: <=10.5.6

Reported by:
GitHub
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users

CVE-2022-3211

Affected version: <10.5.6

Reported by:
GitHub
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore

CVE-2022-31092

Affected version: <10.4.4

Reported by:
GitHub
SQL Injection found in Pimcore

CVE-2022-1429

Affected version: <10.3.6

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-1351

Affected version: <10.4

Reported by:
GitHub
SQL Injection in Pimcore

CVE-2022-1339

Affected version: <10.3.5

Reported by:
GitHub
SQL Injection in Pimcore

CVE-2022-1219

Affected version: <10.3.5

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0911

Affected version: <=10.3.3

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0704

Affected version: <=10.3.3

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0705

Affected version: <=10.3.3

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0894

Affected version: <10.4.0

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0893

Affected version: <10.4.0

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0831

Affected version: <=10.3.2

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0832

Affected version: <=10.3.2

Reported by:
GitHub
Path traversal in pimcore

CVE-2022-0665

Affected version: <10.3.2

Reported by:
GitHub
Exposure of Sensitive Information to an Unauthorized Actor in pimcore

CVE-2022-0565

Affected version: <10.3.1

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2022-0509

Affected version: <=10.3.0

Reported by:
GitHub
Cross-site Scripting pimcore

CVE-2022-0510

Affected version: <=10.3.0

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2022-0348

Affected version: <=10.2.9

Reported by:
GitHub
Cross-site Scripting in Pimcore

CVE-2022-0251

Affected version: <10.2.10

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2022-0260

Affected version: <10.2.9

Reported by:
GitHub
Business Logic Errors in pimcore

CVE-2021-4146

Affected version: <10.2.9

Reported by:
GitHub
pimcore is vulnerable to Cross-site Scripting

CVE-2022-0257

Affected version: <10.2.9

Reported by:
GitHub
pimcore is vulnerable to SQL Injection

CVE-2022-0258

Affected version: <10.2.9

Reported by:
GitHub
pimcore is vulnerable to Cross-site Scripting

CVE-2022-0256

Affected version: <10.2.9

Reported by:
GitHub
Unrestricted Upload of File with Dangerous Type in pimcore

CVE-2022-0263

Affected version: <10.2.7

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2022-0262

Affected version: <10.2.7

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2022-0285

Affected version: <10.2.9

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2021-4139

Affected version: <10.2.7

Reported by:
GitHub
Cross-site Scripting in pimcore

CVE-2021-4084

Affected version: <10.2.6

Reported by:
GitHub
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-4082

Affected version: <10.2.6

Reported by:
GitHub
pimcore is vulnerable to Cross-site Scripting

CVE-2021-4081

Affected version: <10.2.6

Reported by:
GitHub
Observable Response Discrepancy in Lost Password Service

CVE-2021-39189

Affected version: <10.1.3

Reported by:
GitHub
Improper Neutralization of Text-Values in Object Version Preview

CVE-2021-39166

Affected version: <10.1.1

Reported by:
GitHub
Improper Encoding or Escaping of Output in Asset Metadata Component

CVE-2021-39170

Affected version: <10.1.1

Reported by:
GitHub
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

CVE-2021-37702

Affected version: <10.1.1

Reported by:
GitHub
CKEditor 4 vulnerabilities in versions <4.16.1

Affected version: <10.1.1

Reported by:
GitHub
SQL injection in pimcore/pimcore

CVE-2021-23405

Affected version: <10.0.7

Reported by:
GitHub
Path traversal in pimcore/pimcore

CVE-2021-23340

Affected version: <6.8.8

Reported by:
GitHub