pimcore/pimcore Security Advisories for v10.5.0 (61)

[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
PKSA-d1ts-d4yt-xjz4 CVE-2023-47637 GHSA-72hh-xf79-429p
Affected version: <11.1.1
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-17vx-xhyz-z3x1 CVE-2023-5873 GHSA-j59v-hh4p-q92m
Affected version: <11.1.0
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
PKSA-n2v6-wct3-ryy4 CVE-2023-4453 GHSA-599v-h3q5-g6r9
Affected version: <10.6.8
Reported by: GitHub

[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
PKSA-bzdr-jc9b-wgm7 CVE-2023-38708 GHSA-34hj-v8fm-x887
Affected version: <10.6.7
Reported by: GitHub

[HIGH] Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
PKSA-zcbs-r3vd-wc4x CVE-2023-3819 GHSA-r87r-982q-2c3q
Affected version: <10.6.4
Reported by: GitHub

[HIGH] Pimcore vulnerable to SQL Injection in Dataobjects sorting
PKSA-94sk-6xwr-7jwh CVE-2023-3820 GHSA-c9hw-557q-f8hq
Affected version: <10.6.4
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-34th-33mz-qfsz CVE-2023-3821 GHSA-78q2-cv3p-x9fm
Affected version: <10.6.4
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-7hbf-r4fz-nphq CVE-2023-3822 GHSA-vmpv-qjhq-r463
Affected version: <10.6.4
Reported by: GitHub

[HIGH] Pimcore SQL Injection vulnerability
PKSA-mw5k-yyn7-hrf6 CVE-2023-3673 GHSA-rxp5-qwrf-pfv3
Affected version: <10.5.24
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
PKSA-8fvd-j3bc-qkkk CVE-2023-2984 GHSA-46g3-f9r8-xj4v
Affected version: <10.5.22
Reported by: GitHub

[MEDIUM] Pimcore Privilege Defined With Unsafe Actions vulnerability
PKSA-kbnn-hkhm-4ct8 CVE-2023-2983 GHSA-m4mv-rmr7-h5f5
Affected version: <10.5.23
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
PKSA-zqtt-s38r-yd8b CVE-2023-2630 GHSA-w766-3572-f2hv
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Static Routes name field
PKSA-x9n8-8wks-m17p CVE-2023-2616 GHSA-mhpj-7m7h-8p6x
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS) in name field of Custom Reports
PKSA-tn2k-bq3r-cdm6 CVE-2023-2614 GHSA-m6m9-gr85-79vm
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS) in Predefined Properties delete
PKSA-96bd-h4dc-kcnk CVE-2023-2615 GHSA-q7cc-m6jw-m262
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
PKSA-rtj6-fn5b-33p2 CVE-2023-30855 GHSA-g2mc-fqqc-hxg3
Affected version: <10.5.18
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in pimcore
PKSA-z5w4-mn4k-p9wn CVE-2023-2361 GHSA-9xg6-75mh-7x3f
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Arbitrary File Read in Admin JS CSS files
PKSA-1kn9-73cn-8ksf CVE-2023-30852 GHSA-j5c3-r84f-9596
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in DataObject columns grid
PKSA-vkvk-mm5n-9h7s CVE-2023-2340 GHSA-g93x-fm2w-5pxw
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in DataObject Any Getter grid operator
PKSA-dgmc-qmks-mm1m CVE-2023-2339 GHSA-6fvf-x8c6-2f6j
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Path Traversal in Asset "import from server" option
PKSA-4r6x-m9j8-tc15 CVE-2023-2336 GHSA-hg77-vx9v-f49x
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Conditions tab of Pricing Rules
PKSA-mbmv-x1g3-wp1c CVE-2023-2332 GHSA-r7mm-jx6h-hv7m
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition
PKSA-cjgq-drnp-2f5d CVE-2023-2328 GHSA-2295-vh28-pphc
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in pimcore via DataObject Class date fields
PKSA-pjs7-8z46-p5z8 CVE-2023-2327 GHSA-x9xj-pqmv-8jf7
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field
PKSA-m2x5-f88k-t2td CVE-2023-2323 GHSA-cjv6-w5hf-5wr6
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Document Properties Parameter
PKSA-sbm6-tdp9-6yss CVE-2023-2322 GHSA-476g-v7hf-cw5m
Affected version: <10.5.21
Reported by: GitHub

[HIGH] SQL Injection in AssetController
PKSA-29ns-8jwy-kcfy CVE-2023-2338 GHSA-4x35-vr82-xvj6
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Website Settings name field
PKSA-fzvx-5txs-xnd4 CVE-2023-2342 GHSA-2c67-p4xh-m34w
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Admin Login too many attempts notice
PKSA-5mw2-sycb-gzd4 CVE-2023-2341 GHSA-fq95-rx4q-qgg2
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in DataObject Classification Store
PKSA-3h2p-y23h-bnzt CVE-2023-2343 GHSA-9q7q-r54q-3f3g
Affected version: <10.5.21
Reported by: GitHub

[HIGH] SQL Injection in Admin Translations API
PKSA-vzkn-79x7-sqky CVE-2023-30850 GHSA-jwg4-qcgv-5wg6
Affected version: <10.5.21
Reported by: GitHub

[HIGH] SQL Injection in Translation Export API
PKSA-v5rb-k8g3-wp15 CVE-2023-30849 GHSA-xmg8-w465-mr56
Affected version: <10.5.21
Reported by: GitHub

[HIGH] SQL Injection in Admin Search Find API
PKSA-4ccc-f4k5-6nby CVE-2023-30848 GHSA-6mhm-gcpf-5gr8
Affected version: <10.5.21
Reported by: GitHub

[MEDIUM] pimcore is vulnerable to cross-site scripting in Composite indices key field
PKSA-nsyp-jtzb-hg4f CVE-2023-1703 GHSA-4f25-2x2c-vg6v
Affected version: <10.5.20
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
PKSA-8rkt-jjdk-9nf8 CVE-2023-1701 GHSA-7r35-chv4-xr3r
Affected version: <10.5.20
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings
PKSA-xzkb-6y9q-v9p6 CVE-2023-1702 GHSA-6qjm-39vh-729w
Affected version: <10.5.20
Reported by: GitHub

[MEDIUM] pimcore is vulnerable to cross-site scripting in translate module
PKSA-tm8v-3b62-5sby CVE-2023-1704 GHSA-hfmg-g39c-5444
Affected version: <10.5.20
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to improper quoting of filters in Custom Reports
PKSA-18pg-vpc7-hjqb CVE-2023-28438 GHSA-vf7q-g2pv-jxvx
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Pimcore Remote Code Execution vulnerability in Search function
PKSA-tdb4-sr2j-7vvc CVE-2023-1578 GHSA-42c3-wvww-gcqj
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
PKSA-x1x6-mxqf-n565 CVE-2023-28429 GHSA-rcg9-hrhx-6q69
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects
PKSA-nrk9-kzbr-12fr CVE-2023-1515 GHSA-66cm-c7ch-5j8q
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents
PKSA-w79w-m777-ccck CVE-2023-1517 GHSA-42x8-2v53-pqmj
Affected version: <10.5.19
Reported by: GitHub

[HIGH] Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
PKSA-vp44-vg9k-8yfm CVE-2023-28108 GHSA-xc9p-r5qj-8xm9
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in UrlSlug Data type
PKSA-s3hw-vz26-nb34 CVE-2023-28106 GHSA-x5j3-mq9g-8jc8
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Reflected XSS in Application Logger module
PKSA-qy7d-vcdj-fxdz GHSA-2xpm-cmvw-3jcc
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in Document Types
PKSA-4k21-2ncj-8d85 CVE-2023-1429 GHSA-3223-w774-99fq
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) - stored in Print Documents
PKSA-5t4m-2175-r6wt GHSA-rrwm-8wqm-gwgv
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] pimcore is vulnerable to cross-site scripting
PKSA-xhx7-6nd7-s13z CVE-2023-1312 GHSA-gh4g-65f6-84g5
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Cross-site Scripting (XSS) in pimcore/pimcore
PKSA-3k7j-rqp9-xrnx CVE-2023-1286 GHSA-8jv7-vwrc-mv4g
Affected version: <10.5.19
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Email Blacklist
PKSA-4qnj-zwmp-rmq4 CVE-2023-1116 GHSA-96hp-38wx-j3wc
Affected version: <10.5.18
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config
PKSA-rspc-8wxq-255d CVE-2023-1117 GHSA-qxcw-rf4v-hp26
Affected version: <10.5.18
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Cross Site Scripting in Documents Link Editable
PKSA-jkk6-bwq8-nxc9 CVE-2023-1115 GHSA-97cp-8873-v2gf
Affected version: <10.5.18
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to Cross-site Scripting
PKSA-ks2w-xyk9-r1h7 CVE-2023-1067 GHSA-f2jh-mf2c-8278
Affected version: <=10.5.17
Reported by: GitHub

[MEDIUM] Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
PKSA-mzq4-hn8p-tv47 GHSA-76r7-h46w-463r
Affected version: <10.5.17
Reported by: GitHub

[HIGH] SameSite Attribute vulnerability in pimCore
PKSA-94yk-czxg-b999 CVE-2023-25240 GHSA-r2vq-p658-p274
Affected version: <10.5.16
Reported by: GitHub

[MEDIUM] Pimcore contains Unrestricted Upload of File with Dangerous Type
PKSA-2q94-xt73-54rz CVE-2023-23937 GHSA-8xv4-jj4h-qww6
Affected version: <10.5.16
Reported by: GitHub

[MEDIUM] pimcore is vulnerable to cross-site scripting via "title field" in data objects
PKSA-6zf7-xr74-rbwf CVE-2023-0323 GHSA-6vf6-g3pr-j83h
Affected version: <10.5.14
Reported by: GitHub

[CRITICAL] RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
PKSA-pfws-zmn8-fh1s CVE-2022-39365 GHSA-5qxq-vgmm-q39m
Affected version: <10.5.9
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to cross site scripting
PKSA-8m88-5gr1-22gs CVE-2022-3255 GHSA-wqr6-57qm-hhr5
Affected version: <=10.5.6
Reported by: GitHub

[MEDIUM] Pimcore vulnerable to stored Cross-site Scripting via `properties` when creating new users
PKSA-2dcq-5wbt-jfkv CVE-2022-3211 GHSA-4849-x3jx-45qr
Affected version: <10.5.6
Reported by: GitHub

[MEDIUM] Pimcore Cross-site Scripting (XSS)
PKSA-1px6-dv81-jcf7 CVE-2022-2796 GHSA-pr4f-4pcx-2r3h
Affected version: <10.5.4
Reported by: GitHub