CRITICAL9.8CVE-2022-39365RCE vulnerability in Pimcore/Mail & Dynamic Text Layout from 0, < 10.5.9
from 0, < 6.2.2
from 0, < 6.2.2
HIGH8.8Pimcore Has an Incomplete Patch for CVE-2023-30848
>= 12.0.0-RC1, < 12.3.1
HIGH8.8Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
from 0, < 11.1.1
HIGH8.8SQL Injection in AssetController
from 0, < 10.5.21
HIGH8.8SQL Injection in Admin Translations API
from 0, < 10.5.21
HIGH8.8SQL Injection in Translation Export API
from 0, < 10.5.21
HIGH8.8SQL Injection in Admin Search Find API
from 0, < 10.5.21
HIGH8.8SameSite Attribute vulnerability in pimCore
from 0, < 10.5.16
HIGH8.8Pimcore RCE via PHAR upload
from 0, < 5.7.1
HIGH8.8Pimcore Unrestricted Upload of File with Dangerous Type
from 0, < 5.7.1
HIGH8.8Pimcore CSRF Vulnerability
from 0, < 5.3.0
HIGH8.8Pimcore Unserialize Remote Code Execution
from 0, < 5.7.1
HIGH8.8SQL injection in pimcore/pimcore
from 0, < 10.0.7
HIGH8.7Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
from 0, < 12.3.6
HIGH8.6Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
>= 12.0.0-RC1, < 12.3.1
HIGH8.3pimcore is vulnerable to SQL Injection
from 0, < 10.2.9
HIGH8.1Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
from 0, < 12.3.7
HIGH8.1Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
>= 11.4.2, < 11.5.3
HIGH8.1Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore
from 0, < 10.4.4
HIGH8.0Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
from 0, < 12.3.7
HIGH8.0Improper Neutralization of Text-Values in Object Version Preview
from 0, < 10.1.2
HIGH8.0Improper Encoding or Escaping of Output in Asset Metadata Component
from 0, < 10.1.2
HIGH7.9Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
from 0, < 10.5.19
HIGH7.8Unrestricted Upload of File with Dangerous Type in pimcore
from 0, < 10.2.7
HIGH7.6Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
from 0, < 10.6.4
HIGH7.5Flooding Server with Thumbnail files
>= 11.0.0, < 11.2.4
HIGH7.5Pimcore Discloses Usernames In Use
from 0, < 6.2.2
HIGH7.5SQL Injection found in Pimcore
from 0, < 10.3.6
HIGH7.5SQL Injection in Pimcore
from 0, < 10.3.5
HIGH7.5SQL Injection in Pimcore
from 0, < 10.3.5
HIGH7.2Pimcore vulnerable to SQL Injection in Dataobjects sorting
from 0, < 10.6.4
HIGH7.2Pimcore SQL Injection vulnerability
from 0, < 10.5.24
HIGH7.2SQL Injection in pimcore
>= 6.7.2, < 6.8.3
HIGH7.1Path traversal in pimcore/pimcore
from 0, < 6.8.8
MEDIUM6.8Pimcore Cross-site Scripting (XSS) in Static Routes name field
from 0, < 10.5.21
MEDIUM6.8Pimcore Cross-site Scripting (XSS) in Predefined Properties delete
from 0, < 10.5.21
MEDIUM6.8Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field
from 0, < 10.5.21
MEDIUM6.8Pimcore vulnerable to cross site scripting
from 0, < 10.5.7
MEDIUM6.8Cross-site Scripting in Pimcore
from 0, < 10.4
MEDIUM6.7Pimcore Cross-site Scripting (XSS)
from 0, < 10.5.4
MEDIUM6.6Cross-site Scripting in pimcore
from 0, < 10.2.7
MEDIUM6.6Cross-site Scripting in pimcore
from 0, < 10.2.7
MEDIUM6.5Pimcore Privilege Defined With Unsafe Actions vulnerability
from 0, < 10.5.23
MEDIUM6.5Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
from 0, < 10.5.18
MEDIUM6.5Path Traversal in Asset "import from server" option
from 0, < 10.5.21
MEDIUM6.5Pimcore Remote Code Execution vulnerability in Search function
from 0, < 10.5.19
MEDIUM6.5Pimcore SQLi Vulnerability
from 0, < 5.3.0
MEDIUM6.5Path traversal in pimcore
from 0, < 10.3.2
MEDIUM6.5Data leakage via SQL Injection in Pimcore
from 0, < 6.3.0
MEDIUM6.4Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
from 0, < 12.3.7
MEDIUM6.4Cross-site Scripting in pimcore
from 0, < 10.3.1
MEDIUM6.3Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
from 0, < 10.6.7
MEDIUM6.3Pimcore vulnerable to Pre-Auth Path Traversal in pimcore_log parameter
from 0, < 10.5.22
MEDIUM6.3Cross-site Scripting in pimcore
from 0, < 1.5.17
MEDIUM6.2Pimcore vulnerable to improper quoting of filters in Custom Reports
from 0, < 10.5.19
MEDIUM6.1Pimcore Cross-site Scripting vulnerability
from 0, < 10.6.4
MEDIUM6.1Cross-site Scripting (XSS) in Admin Login too many attempts notice
from 0, < 10.5.21
MEDIUM6.1Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
from 0, < 10.5.19
MEDIUM6.1Pimcore Cross-site Scripting (XSS) vulnerability
from 0, < 6.3.0
MEDIUM6.1Pimcore XSS Vulnerability
from 0, < 6.3.0
MEDIUM6.1Cross-site Scripting in pimcore
from 0, < 10.2.6
MEDIUM6.1pimcore is vulnerable to Cross-site Scripting
from 0, < 10.2.6
MEDIUM6.0Pimcore Cross-site Scripting vulnerability
from 0, < 10.6.4
MEDIUM5.4Pimcore Cross-site Scripting vulnerability
from 0, < 11.1.0
MEDIUM5.4Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields
from 0, < 10.6.8
MEDIUM5.4Pimcore Cross-site Scripting vulnerability
from 0, < 10.3.3
MEDIUM5.4Cross-site Scripting (XSS) in pimcore
from 0, < 10.5.21
MEDIUM5.4Cross-site Scripting (XSS) in DataObject columns grid
from 0, < 10.5.21
MEDIUM5.4Cross-site Scripting (XSS) in DataObject Any Getter grid operator
from 0, < 10.5.21
MEDIUM5.4Cross-site Scripting (XSS) in Website Settings name field
from 0, < 10.5.21
MEDIUM5.4Cross-site Scripting (XSS) in DataObject Classification Store
from 0, < 10.5.21
MEDIUM5.4pimcore is vulnerable to cross-site scripting in Composite indices key field
from 0, < 10.5.20
MEDIUM5.4Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects
from 0, < 10.5.19
MEDIUM5.4Cross-site Scripting (XSS) in Document Types
from 0, < 10.5.19
MEDIUM5.4Pimcore vulnerable to Cross Site Scripting in Email Blacklist
from 0, < 10.5.18
MEDIUM5.4Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config
from 0, < 10.5.18
MEDIUM5.4Pimcore vulnerable to Cross Site Scripting in Documents Link Editable
from 0, < 10.5.18
MEDIUM5.4Pimcore vulnerable to Cross-site Scripting
from 0, <= 10.5.17
MEDIUM5.4Pimcore contains Unrestricted Upload of File with Dangerous Type
from 0, < 10.5.16
MEDIUM5.4pimcore is vulnerable to cross-site scripting via "title field " in data objects
from 0, < 10.5.14
MEDIUM5.4Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users
from 0, < 10.5.6
MEDIUM5.4Pimcore XSS Vulnerability
from 0, < 5.3.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.4.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.4.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.4.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.4.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.4.0
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.3.3
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.3.3
MEDIUM5.4Cross-site Scripting in pimcore
from 0, < 10.3.1
MEDIUM5.4Cross-site Scripting pimcore
from 0, < 10.3.1
MEDIUM5.4Cross-site Scripting in pimcore
from 0, < 10.2.10
MEDIUM5.4Cross-site Scripting in Pimcore
from 0, < 10.2.10
MEDIUM5.4Cross-site Scripting in pimcore
from 0, < 10.2.9
MEDIUM5.4pimcore is vulnerable to Cross-site Scripting
from 0, < 10.2.9
MEDIUM5.4pimcore is vulnerable to Cross-site Scripting
from 0, < 10.2.9
MEDIUM5.4Cross-site Scripting in pimcore
from 0, < 10.2.9
MEDIUM5.3Observable Response Discrepancy in Lost Password Service
from 0, < 10.1.3