Pimcore

Pimcore

130 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-0258

Exploit
  • EPSS 1.63%
  • Veröffentlicht 17.01.2022 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:38:15

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

9

CVE-2021-4139

Exploit
  • EPSS 0.88%
  • Veröffentlicht 21.12.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:36:59

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1

CVE-2021-4084

Exploit
  • EPSS 1.56%
  • Veröffentlicht 10.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:36:52

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1

CVE-2021-4081

Exploit
  • EPSS 0.76%
  • Veröffentlicht 10.12.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:36:51

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3

CVE-2021-4082

Exploit
  • EPSS 0.43%
  • Veröffentlicht 10.12.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:36:52

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)

5

CVE-2021-39189

  • EPSS 1.24%
  • Veröffentlicht 15.09.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:50

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the avail...

5.4

CVE-2021-39170

Exploit
  • EPSS 1.25%
  • Veröffentlicht 01.09.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:46

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, us...

5.4

CVE-2021-39166

  • EPSS 0.78%
  • Veröffentlicht 01.09.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:46

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is...

8.8

CVE-2021-37702

  • EPSS 1.06%
  • Veröffentlicht 18.08.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:15:44

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.

7.5

CVE-2021-31869

Exploit
  • EPSS 1.08%
  • Veröffentlicht 04.08.2021 23:15:07
  • Zuletzt bearbeitet 06.03.2026 19:53:00

Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product.