pimcore/pimcore Security Advisories for v10.6.6 (4)
-
[HIGH] Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
PKSA-d1ts-d4yt-xjz4 CVE-2023-47637 GHSA-72hh-xf79-429p
Affected version: <11.1.1
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting vulnerability
PKSA-17vx-xhyz-z3x1 CVE-2023-5873 GHSA-j59v-hh4p-q92m
Affected version: <11.1.0
Reported by:
GitHub -
[MEDIUM] Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
PKSA-n2v6-wct3-ryy4 CVE-2023-4453 GHSA-599v-h3q5-g6r9
Affected version: <10.6.8
Reported by:
GitHub -
[MEDIUM] Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
PKSA-bzdr-jc9b-wgm7 CVE-2023-38708 GHSA-34hj-v8fm-x887
Affected version: <10.6.7
Reported by:
GitHub