Pimcore/Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

Published: 2023-10-31T08:06:44.834Z
Updated: 2025-02-27T20:38:44.746Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

Published: 2023-08-21T09:22:03.718Z
Updated: 2024-10-03T14:06:28.730Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

Published: 2023-07-21T14:52:05.707Z
Updated: 2024-10-16T13:44:53.274Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

Published: 2023-07-21T14:50:39.925Z
Updated: 2024-10-16T13:47:02.189Z

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

Published: 2023-07-21T14:44:44.799Z
Updated: 2024-10-16T13:54:24.107Z

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

Published: 2023-07-21T14:37:57.468Z
Updated: 2024-10-16T13:57:28.106Z

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.

Published: 2023-07-14T12:19:04.063Z
Updated: 2024-10-22T15:16:48.909Z

Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.

Published: 2023-05-30T00:00:00.000Z
Updated: 2025-01-13T19:58:54.371Z

Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

Published: 2023-05-30T00:00:00.000Z
Updated: 2025-01-10T20:52:19.382Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Published: 2023-05-16T00:00:00.000Z
Updated: 2025-01-22T21:17:58.930Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-05-10T00:00:00.000Z
Updated: 2025-01-27T19:39:51.618Z

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-05-10T00:00:00.000Z
Updated: 2025-01-27T19:40:58.922Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-05-10T00:00:00.000Z
Updated: 2025-01-27T19:41:38.994Z

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-05-10T00:00:00.000Z
Updated: 2025-01-27T19:42:18.093Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-28T00:00:00.000Z
Updated: 2025-01-30T20:47:51.877Z

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-30T20:05:15.271Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:31:35.752Z

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:32:18.482Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:32:58.770Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-30T21:27:22.267Z

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-02-03T16:28:46.713Z

Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:51:08.170Z

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.

Published: 2024-11-15T10:57:19.795Z
Updated: 2024-11-15T21:00:49.061Z

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:51:45.775Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:33:27.692Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:34:07.651Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-31T18:35:16.820Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T19:31:07.783Z

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T19:31:33.148Z

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T16:52:16.949Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.

Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T16:52:59.036Z

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-22T00:00:00.000Z
Updated: 2025-02-25T19:52:13.960Z

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-20T00:00:00.000Z
Updated: 2025-02-26T19:22:56.581Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-20T00:00:00.000Z
Updated: 2025-02-26T19:23:25.873Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-16T00:00:00.000Z
Updated: 2025-02-26T21:16:00.292Z

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-10T00:00:00.000Z
Updated: 2025-02-28T15:37:20.260Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

Published: 2023-03-09T00:00:00.000Z
Updated: 2025-02-28T16:33:29.186Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Published: 2023-03-01T00:00:00.000Z
Updated: 2025-03-07T18:32:31.478Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Published: 2023-03-01T00:00:00.000Z
Updated: 2025-03-07T18:33:04.217Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Published: 2023-03-01T00:00:00.000Z
Updated: 2025-03-11T14:15:32.285Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Published: 2023-02-27T00:00:00.000Z
Updated: 2025-03-10T19:54:56.161Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.

Published: 2023-02-14T00:00:00.000Z
Updated: 2025-03-20T18:49:36.800Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.

Published: 2023-01-16T00:00:00.000Z
Updated: 2025-04-07T15:08:14.295Z

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Published: 2022-09-21T12:00:21.000Z
Updated: 2025-05-28T15:21:33.438Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.

Published: 2022-09-15T13:35:10.000Z
Updated: 2024-08-03T01:00:10.590Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.

Published: 2022-08-23T08:00:20.000Z
Updated: 2024-08-03T00:46:04.428Z

SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data

Published: 2022-04-22T09:10:10.000Z
Updated: 2024-08-03T00:03:06.261Z

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.

Published: 2022-04-14T09:15:15.000Z
Updated: 2024-08-03T00:03:05.672Z

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data

Published: 2022-04-13T09:45:15.000Z
Updated: 2024-08-03T00:03:05.610Z

SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data

Published: 2022-04-08T08:45:18.000Z
Updated: 2024-08-02T23:55:24.296Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: 2022-03-16T09:05:10.000Z
Updated: 2024-08-02T23:47:42.839Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: 2022-03-15T10:30:13.000Z
Updated: 2024-08-02T23:47:42.094Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: 2022-03-15T10:30:18.000Z
Updated: 2024-08-02T23:47:42.078Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Published: 2022-03-04T13:40:10.000Z
Updated: 2024-08-02T23:40:04.381Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Published: 2022-03-04T13:35:10.000Z
Updated: 2024-08-02T23:40:04.371Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: 2022-03-16T10:30:12.000Z
Updated: 2024-08-02T23:40:03.461Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: 2022-03-16T09:15:15.000Z
Updated: 2024-08-02T23:40:03.327Z

Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.

Published: 2022-02-22T14:55:09.000Z
Updated: 2024-08-02T23:32:46.655Z

Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.

Published: 2022-02-12T12:30:10.000Z
Updated: 2024-11-19T19:16:33.301Z

Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.

Published: 2022-02-08T14:20:10.000Z
Updated: 2024-08-02T23:32:45.626Z

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.

Published: 2022-02-08T11:30:11.000Z
Updated: 2024-08-02T23:32:46.495Z

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.

Published: 2022-01-27T14:10:11.000Z
Updated: 2024-08-02T23:25:39.983Z

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.

Published: 2022-01-20T15:00:12.000Z
Updated: 2024-08-02T23:25:40.066Z

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

Published: 2022-01-18T15:55:10.000Z
Updated: 2024-08-02T23:25:40.358Z

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.

Published: 2022-01-18T15:40:11.000Z
Updated: 2024-08-02T23:25:38.887Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.

Published: 2022-01-18T15:00:11.000Z
Updated: 2024-08-02T23:25:38.795Z

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

Published: 2022-01-17T15:15:10.000Z
Updated: 2024-08-02T23:25:38.783Z

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: 2022-01-17T15:15:15.000Z
Updated: 2024-08-02T23:25:39.597Z

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: 2022-01-17T15:10:09.000Z
Updated: 2024-08-02T23:25:40.154Z

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.

Published: 2022-01-26T10:35:10.000Z
Updated: 2024-08-02T23:18:42.889Z

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.

Published: 2022-01-18T15:30:12.000Z
Updated: 2024-08-03T17:16:04.270Z

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: 2021-12-21T12:50:10.000Z
Updated: 2024-08-03T17:16:04.247Z

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: 2021-12-10T11:15:11.000Z
Updated: 2024-08-03T17:16:03.346Z

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

Published: 2021-12-10T10:20:10.000Z
Updated: 2024-08-03T17:16:03.508Z

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Published: 2021-12-10T10:20:15.000Z
Updated: 2024-08-03T17:16:04.248Z