Security Advisories - pimcore/pimcore

pimcore/pimcore Security Advisories for v10.5.19 (25)

Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

CVE-2023-2630

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in Static Routes name field

CVE-2023-2616

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

CVE-2023-2614

Affected version: <10.5.21

Reported by:
GitHub
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete

CVE-2023-2615

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in pimcore

CVE-2023-2361

Affected version: <10.5.21

Reported by:
GitHub
Arbitrary File Read in Admin JS CSS files

CVE-2023-30852

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject columns grid

CVE-2023-2340

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject Any Getter grid operator

CVE-2023-2339

Affected version: <10.5.21

Reported by:
GitHub
Path Traversal in Asset "import from server" option

CVE-2023-2336

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

CVE-2023-2332

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

CVE-2023-2328

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields

CVE-2023-2327

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

CVE-2023-2323

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Document Properties Parameter

CVE-2023-2322

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in AssetController

CVE-2023-2338

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Website Settings name field

CVE-2023-2342

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in Admin Login too many attempts notice

CVE-2023-2341

Affected version: <10.5.21

Reported by:
GitHub
Cross-site Scripting (XSS) in DataObject Classification Store

CVE-2023-2343

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Admin Translations API

CVE-2023-30850

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Translation Export API

CVE-2023-30849

Affected version: <10.5.21

Reported by:
GitHub
SQL Injection in Admin Search Find API

CVE-2023-30848

Affected version: <10.5.21

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting in Composite indices key field

CVE-2023-1703

Affected version: <10.5.20

Reported by:
GitHub
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

CVE-2023-1701

Affected version: <10.5.20

Reported by:
GitHub
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

CVE-2023-1702

Affected version: <10.5.20

Reported by:
GitHub
pimcore is vulnerable to cross-site scripting in translate module

CVE-2023-1704

Affected version: <10.5.20

Reported by:
GitHub