Vulnerabilites related to pimcore - pimcore/pimcore
CVE-2021-4084 (GCVE-0-2021-4084)
Vulnerability from cvelistv5
Published
2021-12-10 11:15
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-10T11:15:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065"
}
],
"source": {
"advisory": "dcb37f19-ba53-4498-b953-d21999279266",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4084",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266"
},
{
"name": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065"
}
]
},
"source": {
"advisory": "dcb37f19-ba53-4498-b953-d21999279266",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4084",
"datePublished": "2021-12-10T11:15:11",
"dateReserved": "2021-12-09T00:00:00",
"dateUpdated": "2024-08-03T17:16:03.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0257 (GCVE-0-2022-0257)
Vulnerability from cvelistv5
Published
2022-01-17 15:15
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:39.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThanOrEqual": "10.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T15:15:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d"
}
],
"source": {
"advisory": "bad2073c-bbd5-4425-b3e9-c336b73ddda6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0257",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.2.8"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6"
},
{
"name": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d"
}
]
},
"source": {
"advisory": "bad2073c-bbd5-4425-b3e9-c336b73ddda6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0257",
"datePublished": "2022-01-17T15:15:15",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:39.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0260 (GCVE-0-2022-0260)
Vulnerability from cvelistv5
Published
2022-01-18 15:00
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:38.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T15:00:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f"
}
],
"source": {
"advisory": "89e4ab60-21ec-4396-92ad-5b78d4c2897e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0260",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.7"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e"
},
{
"name": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f"
}
]
},
"source": {
"advisory": "89e4ab60-21ec-4396-92ad-5b78d4c2897e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0260",
"datePublished": "2022-01-18T15:00:11",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:38.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2332 (GCVE-0-2023-2332)
Vulnerability from cvelistv5
Published
2024-11-15 10:57
Modified
2024-11-15 21:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2332",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T21:00:05.861798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:00:49.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user\u0027s browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:57:19.795Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c"
},
{
"url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe"
}
],
"source": {
"advisory": "e436ed71-6741-4b30-89db-f7f3de4aca2c",
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-2332",
"datePublished": "2024-11-15T10:57:19.795Z",
"dateReserved": "2023-04-27T09:28:19.485Z",
"dateUpdated": "2024-11-15T21:00:49.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3822 (GCVE-0-2023-3822)
Vulnerability from cvelistv5
Published
2023-07-21 14:52
Modified
2024-10-16 13:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3822",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:11:54.205051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:44:53.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T14:52:05.707Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5"
},
{
"url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236"
}
],
"source": {
"advisory": "2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3822",
"datePublished": "2023-07-21T14:52:05.707Z",
"dateReserved": "2023-07-21T14:51:58.334Z",
"dateUpdated": "2024-10-16T13:44:53.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1515 (GCVE-0-2023-1515)
Vulnerability from cvelistv5
Published
2023-03-20 00:00
Modified
2025-02-26 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1515",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:23:15.663160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:23:25.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282"
},
{
"url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964"
}
],
"source": {
"advisory": "ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1515",
"datePublished": "2023-03-20T00:00:00.000Z",
"dateReserved": "2023-03-20T00:00:00.000Z",
"dateUpdated": "2025-02-26T19:23:25.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1351 (GCVE-0-2022-1351)
Vulnerability from cvelistv5
Published
2022-04-14 09:15
Modified
2024-08-03 00:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T09:15:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac"
}
],
"source": {
"advisory": "c23ae6c2-2e53-4bf5-85b0-e90418476615",
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Tooltip in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1351",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in Tooltip in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615"
},
{
"name": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac"
}
]
},
"source": {
"advisory": "c23ae6c2-2e53-4bf5-85b0-e90418476615",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1351",
"datePublished": "2022-04-14T09:15:15",
"dateReserved": "2022-04-14T00:00:00",
"dateUpdated": "2024-08-03T00:03:05.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0285 (GCVE-0-2022-0285)
Vulnerability from cvelistv5
Published
2022-01-20 15:00
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-20T15:00:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835"
}
],
"source": {
"advisory": "321918b2-aa01-410e-9f7c-dca5f286bc9c",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0285",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.9"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c"
},
{
"name": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835"
}
]
},
"source": {
"advisory": "321918b2-aa01-410e-9f7c-dca5f286bc9c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0285",
"datePublished": "2022-01-20T15:00:12",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2343 (GCVE-0-2023-2343)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-30 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2343",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:04:53.967657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:05:15.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2"
},
{
"url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e"
}
],
"source": {
"advisory": "2fa17227-a717-4b66-ab5a-16bffbb4edb2",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2343",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-30T20:05:15.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1704 (GCVE-0-2023-1704)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-12 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:30:59.714472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:31:07.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f"
},
{
"url": "https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0"
}
],
"source": {
"advisory": "84419c7b-ae29-401b-bdfd-5d0c498d320f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1704",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-12T19:31:07.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0251 (GCVE-0-2022-0251)
Vulnerability from cvelistv5
Published
2022-01-26 10:35
Modified
2024-08-02 23:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T10:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb"
}
],
"source": {
"advisory": "eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0251",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.10"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5"
},
{
"name": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb"
}
]
},
"source": {
"advisory": "eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0251",
"datePublished": "2022-01-26T10:35:10",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0893 (GCVE-0-2022-0893)
Vulnerability from cvelistv5
Published
2022-03-15 10:30
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T10:30:18",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9"
}
],
"source": {
"advisory": "2859a1c1-941c-4efc-a3ad-a0657c7a77e9",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0893",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"name": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9"
}
]
},
"source": {
"advisory": "2859a1c1-941c-4efc-a3ad-a0657c7a77e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0893",
"datePublished": "2022-03-15T10:30:18",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0510 (GCVE-0-2022-0510)
Vulnerability from cvelistv5
Published
2022-02-08 14:20
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T14:20:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce"
}
],
"source": {
"advisory": "bb3525d5-dedc-48b8-ab04-ad4c72499abe",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0510",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.1"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe"
},
{
"name": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce"
}
]
},
"source": {
"advisory": "bb3525d5-dedc-48b8-ab04-ad4c72499abe",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0510",
"datePublished": "2022-02-08T14:20:10",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-02T23:32:45.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2730 (GCVE-0-2023-2730)
Vulnerability from cvelistv5
Published
2023-05-16 00:00
Modified
2025-01-22 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:04.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T21:17:55.359790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T21:17:58.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-16T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"
},
{
"url": "https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885"
}
],
"source": {
"advisory": "6c6f5c26-d545-4e7b-82bb-1fe28006c885",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2730",
"datePublished": "2023-05-16T00:00:00.000Z",
"dateReserved": "2023-05-16T00:00:00.000Z",
"dateUpdated": "2025-01-22T21:17:58.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2328 (GCVE-0-2023-2328)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2328",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:51:34.474619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:51:45.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6"
},
{
"url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe"
}
],
"source": {
"advisory": "01a44584-e36b-46f4-ad94-53af488397f6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2328",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:51:45.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0665 (GCVE-0-2022-0665)
Vulnerability from cvelistv5
Published
2022-02-22 14:55
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T14:55:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e"
}
],
"source": {
"advisory": "423df64d-c591-4ad9-bf1c-411bcbc06ba3",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0665",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.2"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3"
},
{
"name": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e"
}
]
},
"source": {
"advisory": "423df64d-c591-4ad9-bf1c-411bcbc06ba3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0665",
"datePublished": "2022-02-22T14:55:09",
"dateReserved": "2022-02-17T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1312 (GCVE-0-2023-1312)
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-02-28 15:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T15:36:24.890454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T15:37:20.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356"
},
{
"url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb"
}
],
"source": {
"advisory": "2a64a32d-b1cc-4def-91da-18040d59f356",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1312",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-28T15:37:20.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1701 (GCVE-0-2023-1701)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-12 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1701",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:52:49.263319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:52:59.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256"
},
{
"url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"
}
],
"source": {
"advisory": "64f943c4-68e5-4ef8-82f6-9c4abe928256",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1701",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:52:59.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0894 (GCVE-0-2022-0894)
Vulnerability from cvelistv5
Published
2022-03-15 10:30
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T10:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
}
],
"source": {
"advisory": "18f8e85e-3cbf-4915-b649-8cffe99daa95",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0894",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95"
},
{
"name": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
}
]
},
"source": {
"advisory": "18f8e85e-3cbf-4915-b649-8cffe99daa95",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0894",
"datePublished": "2022-03-15T10:30:13",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0827 (GCVE-0-2023-0827)
Vulnerability from cvelistv5
Published
2023-02-14 00:00
Modified
2025-03-20 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 1.5.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/f4050586136cb4c44e3d6042111a1b87b340df95"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T18:47:36.264377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:49:36.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.5.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422"
},
{
"url": "https://github.com/pimcore/pimcore/commit/f4050586136cb4c44e3d6042111a1b87b340df95"
}
],
"source": {
"advisory": "75bc7d07-46a7-4ed9-a405-af4fc47fb422",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0827",
"datePublished": "2023-02-14T00:00:00.000Z",
"dateReserved": "2023-02-14T00:00:00.000Z",
"dateUpdated": "2025-03-20T18:49:36.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0704 (GCVE-0-2022-0704)
Vulnerability from cvelistv5
Published
2022-03-16 09:15
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:15:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6"
}
],
"source": {
"advisory": "4142a8b4-b439-4328-aaa3-52f6fedfd0a6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0704",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"name": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6"
}
]
},
"source": {
"advisory": "4142a8b4-b439-4328-aaa3-52f6fedfd0a6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0704",
"datePublished": "2022-03-16T09:15:15",
"dateReserved": "2022-02-21T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1429 (GCVE-0-2023-1429)
Vulnerability from cvelistv5
Published
2023-03-16 00:00
Modified
2025-02-26 21:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1429",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:15:52.855149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T21:16:00.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f"
},
{
"url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5"
}
],
"source": {
"advisory": "e0829fea-e458-47b8-84a3-a74476d9638f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1429",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-03-16T00:00:00.000Z",
"dateUpdated": "2025-02-26T21:16:00.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0911 (GCVE-0-2022-0911)
Vulnerability from cvelistv5
Published
2022-03-16 09:05
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:05:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77"
}
],
"source": {
"advisory": "b242edb1-b036-4dca-9b53-891494dd7a77",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0911",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"name": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77"
}
]
},
"source": {
"advisory": "b242edb1-b036-4dca-9b53-891494dd7a77",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0911",
"datePublished": "2022-03-16T09:05:10",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0831 (GCVE-0-2022-0831)
Vulnerability from cvelistv5
Published
2022-03-04 13:35
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T13:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf"
}
],
"source": {
"advisory": "4152e3a7-27a1-49eb-a6eb-a57506af104f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0831",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.3"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f"
},
{
"name": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf"
}
]
},
"source": {
"advisory": "4152e3a7-27a1-49eb-a6eb-a57506af104f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0831",
"datePublished": "2022-03-04T13:35:10",
"dateReserved": "2022-03-02T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2327 (GCVE-0-2023-2327)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:33:19.111868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:33:27.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6"
},
{
"url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f"
}
],
"source": {
"advisory": "7336b71f-a36f-4ce7-a26d-c8335ac713d6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2327",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:33:27.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4082 (GCVE-0-2021-4082)
Vulnerability from cvelistv5
Published
2021-12-10 10:20
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:03.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Cross-Site Request Forgery (CSRF)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-10T10:20:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28"
}
],
"source": {
"advisory": "81838575-e170-41fb-b451-92c1c8aab092",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4082",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Cross-Site Request Forgery (CSRF)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092"
},
{
"name": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28"
}
]
},
"source": {
"advisory": "81838575-e170-41fb-b451-92c1c8aab092",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4082",
"datePublished": "2021-12-10T10:20:10",
"dateReserved": "2021-12-09T00:00:00",
"dateUpdated": "2024-08-03T17:16:03.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1286 (GCVE-0-2023-1286)
Vulnerability from cvelistv5
Published
2023-03-09 00:00
Modified
2025-02-28 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T16:33:06.661843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T16:33:29.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-09T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c"
},
{
"url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18"
}
],
"source": {
"advisory": "31d97442-3f87-439f-83f0-1c7862ef0c7c",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1286",
"datePublished": "2023-03-09T00:00:00.000Z",
"dateReserved": "2023-03-09T00:00:00.000Z",
"dateUpdated": "2025-02-28T16:33:29.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2323 (GCVE-0-2023-2323)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2323",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:33:50.840638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:34:07.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3"
},
{
"url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e"
}
],
"source": {
"advisory": "41edf190-f6bf-4a29-a237-7ff1b2d048d3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2323",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:34:07.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2796 (GCVE-0-2022-2796)
Vulnerability from cvelistv5
Published
2022-08-23 08:00
Modified
2024-08-03 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T08:00:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d"
}
],
"source": {
"advisory": "69d56ec3-8370-44cf-9732-4065e3076097",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2796",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.5.4"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097"
},
{
"name": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d"
}
]
},
"source": {
"advisory": "69d56ec3-8370-44cf-9732-4065e3076097",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2796",
"datePublished": "2022-08-23T08:00:20",
"dateReserved": "2022-08-12T00:00:00",
"dateUpdated": "2024-08-03T00:46:04.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2342 (GCVE-0-2023-2342)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2342",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:31:26.538026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:31:35.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829"
},
{
"url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564"
}
],
"source": {
"advisory": "01cd3ed5-dce8-4021-9de0-81cb14bf1829",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2342",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:31:35.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1115 (GCVE-0-2023-1115)
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2025-03-11 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1115",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T14:15:26.029677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:15:32.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17"
},
{
"url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3"
}
],
"source": {
"advisory": "cfa80332-e4cf-4d64-b3e5-e10298628d17",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1115",
"datePublished": "2023-03-01T00:00:00.000Z",
"dateReserved": "2023-03-01T00:00:00.000Z",
"dateUpdated": "2025-03-11T14:15:32.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2616 (GCVE-0-2023-2616)
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2616",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T19:40:53.840647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T19:40:58.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801"
},
{
"url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091"
}
],
"source": {
"advisory": "564cb512-2bcc-4458-8c20-88110ab45801",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2616",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-27T19:40:58.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0832 (GCVE-0-2022-0832)
Vulnerability from cvelistv5
Published
2022-03-04 13:40
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T13:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"
}
],
"source": {
"advisory": "be450b60-bc8f-4585-96a5-3c4069f1186a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0832",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.3"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a"
},
{
"name": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"
}
]
},
"source": {
"advisory": "be450b60-bc8f-4585-96a5-3c4069f1186a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0832",
"datePublished": "2022-03-04T13:40:10",
"dateReserved": "2022-03-02T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3211 (GCVE-0-2022-3211)
Vulnerability from cvelistv5
Published
2022-09-15 13:35
Modified
2024-08-03 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T13:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36"
}
],
"source": {
"advisory": "31ac0506-ae38-4128-a46d-71d5d079f8b7",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3211",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.5.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7"
},
{
"name": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36"
}
]
},
"source": {
"advisory": "31ac0506-ae38-4128-a46d-71d5d079f8b7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3211",
"datePublished": "2022-09-15T13:35:10",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2336 (GCVE-0-2023-2336)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2336",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:50:58.728016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:51:08.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14"
},
{
"url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4"
}
],
"source": {
"advisory": "af764624-7746-4f53-8480-85348dbb4f14",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2336",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:51:08.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1116 (GCVE-0-2023-1116)
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2025-03-07 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:32:54.133449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:33:04.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1"
},
{
"url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e"
}
],
"source": {
"advisory": "3245ff99-9adf-4db9-af94-f995747e09d1",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1116",
"datePublished": "2023-03-01T00:00:00.000Z",
"dateReserved": "2023-03-01T00:00:00.000Z",
"dateUpdated": "2025-03-07T18:33:04.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3819 (GCVE-0-2023-3819)
Vulnerability from cvelistv5
Published
2023-07-21 14:37
Modified
2024-10-16 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3819",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:38:48.974662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:57:28.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T14:37:57.468Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c"
},
{
"url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54"
}
],
"source": {
"advisory": "be5e4d4c-1b0b-4c01-a1fc-00533135817c",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3819",
"datePublished": "2023-07-21T14:37:57.468Z",
"dateReserved": "2023-07-21T14:37:44.153Z",
"dateUpdated": "2024-10-16T13:57:28.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2630 (GCVE-0-2023-2630)
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2630",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T19:39:45.733044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T19:39:51.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e"
},
{
"url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38"
}
],
"source": {
"advisory": "e1001870-b8d8-4921-8b9c-bbdfb1a1491e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2630",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-27T19:39:51.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1219 (GCVE-0-2022-1219)
Vulnerability from cvelistv5
Published
2022-04-08 08:45
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T08:45:18",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017"
}
],
"source": {
"advisory": "f700bd18-1fd3-4a05-867f-07176aebc7f6",
"discovery": "EXTERNAL"
},
"title": "SQL injection in RecyclebinController.php in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1219",
"STATE": "PUBLIC",
"TITLE": "SQL injection in RecyclebinController.php in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.5"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6"
},
{
"name": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017"
}
]
},
"source": {
"advisory": "f700bd18-1fd3-4a05-867f-07176aebc7f6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1219",
"datePublished": "2022-04-08T08:45:18",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0256 (GCVE-0-2022-0256)
Vulnerability from cvelistv5
Published
2022-01-17 15:10
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThanOrEqual": "10.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T15:10:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7"
}
],
"source": {
"advisory": "8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0256",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.2.8"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1"
},
{
"name": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7"
}
]
},
"source": {
"advisory": "8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0256",
"datePublished": "2022-01-17T15:10:09",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0348 (GCVE-0-2022-0348)
Vulnerability from cvelistv5
Published
2022-01-27 14:10
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:39.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T14:10:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a"
}
],
"source": {
"advisory": "250e79be-7e5d-4ba3-9c34-655e39ade2f4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0348",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4"
},
{
"name": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a"
}
]
},
"source": {
"advisory": "250e79be-7e5d-4ba3-9c34-655e39ade2f4",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0348",
"datePublished": "2022-01-27T14:10:11",
"dateReserved": "2022-01-24T00:00:00",
"dateUpdated": "2024-08-02T23:25:39.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1117 (GCVE-0-2023-1117)
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2025-03-07 18:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1117",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T18:32:19.058376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T18:32:31.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39"
},
{
"url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853"
}
],
"source": {
"advisory": "e8c0044d-a31b-4347-b2d5-59fbf492da39",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1117",
"datePublished": "2023-03-01T00:00:00.000Z",
"dateReserved": "2023-03-01T00:00:00.000Z",
"dateUpdated": "2025-03-07T18:32:31.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3821 (GCVE-0-2023-3821)
Vulnerability from cvelistv5
Published
2023-07-21 14:50
Modified
2024-10-16 13:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3821",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:28:26.507881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:47:02.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T14:50:39.925Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa"
},
{
"url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c"
}
],
"source": {
"advisory": "599ba4f6-c900-4161-9127-f1e6a6e29aaa",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3821",
"datePublished": "2023-07-21T14:50:39.925Z",
"dateReserved": "2023-07-21T14:50:26.881Z",
"dateUpdated": "2024-10-16T13:47:02.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2983 (GCVE-0-2023-2983)
Vulnerability from cvelistv5
Published
2023-05-30 00:00
Modified
2025-01-10 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Summary
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2983",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T20:52:11.150827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:52:19.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1"
},
{
"url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a"
}
],
"source": {
"advisory": "6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1",
"discovery": "EXTERNAL"
},
"title": "Privilege Defined With Unsafe Actions in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2983",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2023-05-30T00:00:00",
"dateUpdated": "2025-01-10T20:52:19.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1578 (GCVE-0-2023-1578)
Vulnerability from cvelistv5
Published
2023-03-22 00:00
Modified
2025-02-25 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1578",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T19:51:39.947365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:52:13.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-22T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e"
},
{
"url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2"
}
],
"source": {
"advisory": "7e441a14-8e55-4ab4-932c-4dc56bb1bc2e",
"discovery": "EXTERNAL"
},
"title": " SQL Injection in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1578",
"datePublished": "2023-03-22T00:00:00.000Z",
"dateReserved": "2023-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-25T19:52:13.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2614 (GCVE-0-2023-2614)
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2614",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T19:42:03.624276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T19:42:18.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6"
},
{
"url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7"
}
],
"source": {
"advisory": "1a5e6c65-2c5e-4617-9411-5b47a7e743a6",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2614",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-27T19:42:18.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2361 (GCVE-0-2023-2361)
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2025-01-30 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2361",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:47:38.780310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:47:51.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-28T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7"
},
{
"url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a"
}
],
"source": {
"advisory": "24d91b83-c3df-48f5-a713-9def733f2de7",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2361",
"datePublished": "2023-04-28T00:00:00.000Z",
"dateReserved": "2023-04-28T00:00:00.000Z",
"dateUpdated": "2025-01-30T20:47:51.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0509 (GCVE-0-2022-0509)
Vulnerability from cvelistv5
Published
2022-02-08 11:30
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-08T11:30:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597"
}
],
"source": {
"advisory": "26cdf86c-8edc-4af6-8411-d569699ecd1b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0509",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.1"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b"
},
{
"name": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597"
}
]
},
"source": {
"advisory": "26cdf86c-8edc-4af6-8411-d569699ecd1b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0509",
"datePublished": "2022-02-08T11:30:11",
"dateReserved": "2022-02-07T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1339 (GCVE-0-2022-1339)
Vulnerability from cvelistv5
Published
2022-04-13 09:45
Modified
2024-08-03 00:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:05.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T09:45:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c"
}
],
"source": {
"advisory": "ae8dc737-844e-40da-a9f7-e72d8e50f6f9",
"discovery": "EXTERNAL"
},
"title": "SQL injection in ElementController.php in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1339",
"STATE": "PUBLIC",
"TITLE": "SQL injection in ElementController.php in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.5"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9"
},
{
"name": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c"
}
]
},
"source": {
"advisory": "ae8dc737-844e-40da-a9f7-e72d8e50f6f9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1339",
"datePublished": "2022-04-13T09:45:15",
"dateReserved": "2022-04-13T00:00:00",
"dateUpdated": "2024-08-03T00:03:05.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3673 (GCVE-0-2023-3673)
Vulnerability from cvelistv5
Published
2023-07-14 12:19
Modified
2024-10-22 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3673",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T15:08:39.938277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T15:16:48.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T12:19:04.063Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9"
},
{
"url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9"
}
],
"source": {
"advisory": "46ca0934-5260-477b-9e86-7b16bb18d0a9",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3673",
"datePublished": "2023-07-14T12:19:04.063Z",
"dateReserved": "2023-07-14T12:18:52.623Z",
"dateUpdated": "2024-10-22T15:16:48.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0705 (GCVE-0-2022-0705)
Vulnerability from cvelistv5
Published
2022-03-16 10:30
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T10:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b"
}
],
"source": {
"advisory": "0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0705",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.4.0"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"
},
{
"name": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b"
}
]
},
"source": {
"advisory": "0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0705",
"datePublished": "2022-03-16T10:30:12",
"dateReserved": "2022-02-21T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5873 (GCVE-0-2023-5873)
Vulnerability from cvelistv5
Published
2023-10-31 08:06
Modified
2025-02-27 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 11.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T20:32:14.898853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:38:44.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "11.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T08:06:44.834Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"
},
{
"url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"
}
],
"source": {
"advisory": "701cfc30-22a1-4c4b-9b2f-885c77c290ce",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5873",
"datePublished": "2023-10-31T08:06:44.834Z",
"dateReserved": "2023-10-31T08:06:32.067Z",
"dateUpdated": "2025-02-27T20:38:44.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2984 (GCVE-0-2023-2984)
Vulnerability from cvelistv5
Published
2023-05-30 00:00
Modified
2025-01-13 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-29 - Path Traversal: '\..\filename'
Summary
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2984",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T19:58:45.587644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T19:58:54.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: \u0027\\..\\filename\u0027 in GitHub repository pimcore/pimcore prior to 10.5.22."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191"
},
{
"url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed"
}
],
"source": {
"advisory": "5df8b951-e2f1-4548-a7e3-601186e1b191",
"discovery": "EXTERNAL"
},
"title": "Path Traversal: \u0027\\..\\filename\u0027 in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2984",
"datePublished": "2023-05-30T00:00:00",
"dateReserved": "2023-05-30T00:00:00",
"dateUpdated": "2025-01-13T19:58:54.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2322 (GCVE-0-2023-2322)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2322",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:34:58.772721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:35:16.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67"
},
{
"url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773"
}
],
"source": {
"advisory": "f7228f3f-3bef-46fe-b0e3-56c432048a67",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2322",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:35:16.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0323 (GCVE-0-2023-0323)
Vulnerability from cvelistv5
Published
2023-01-16 00:00
Modified
2025-04-07 15:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0323",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:07:52.732115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:08:14.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-16T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343"
},
{
"url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04"
}
],
"source": {
"advisory": "129d6a4b-0504-4de1-a72c-3f12c4552343",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0323",
"datePublished": "2023-01-16T00:00:00.000Z",
"dateReserved": "2023-01-16T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:08:14.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0262 (GCVE-0-2022-0262)
Vulnerability from cvelistv5
Published
2022-01-18 15:40
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:38.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T15:40:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7"
}
],
"source": {
"advisory": "b38a4e14-5dcb-4e49-9990-494dc2a8fa0d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0262",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.7"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d"
},
{
"name": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7"
}
]
},
"source": {
"advisory": "b38a4e14-5dcb-4e49-9990-494dc2a8fa0d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0262",
"datePublished": "2022-01-18T15:40:11",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:38.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4453 (GCVE-0-2023-4453)
Vulnerability from cvelistv5
Published
2023-08-21 09:22
Modified
2024-10-03 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.6.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4453",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:05:40.417708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:06:28.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T09:22:03.718Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993"
},
{
"url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e"
}
],
"source": {
"advisory": "245a8785-0fc0-4561-b181-fa20f869d993",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4453",
"datePublished": "2023-08-21T09:22:03.718Z",
"dateReserved": "2023-08-21T09:21:50.682Z",
"dateUpdated": "2024-10-03T14:06:28.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0565 (GCVE-0-2022-0565)
Vulnerability from cvelistv5
Published
2022-02-12 12:30
Modified
2024-11-19 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0565",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T19:16:12.822873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:16:33.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:47:31.977Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"
}
],
"source": {
"advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in pimcore/pimcore",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0565",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.1"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"
},
{
"name": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"
}
]
},
"source": {
"advisory": "b0b29656-4bbe-41cf-92f6-8579df0b6de5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0565",
"datePublished": "2022-02-12T12:30:10",
"dateReserved": "2022-02-11T00:00:00",
"dateUpdated": "2024-11-19T19:16:33.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2339 (GCVE-0-2023-2339)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-30 21:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2339",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:26:57.069892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:27:22.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2"
},
{
"url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480"
}
],
"source": {
"advisory": "bb1537a5-fe7b-4c77-a582-10a82435fbc2",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2339",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-30T21:27:22.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1429 (GCVE-0-2022-1429)
Vulnerability from cvelistv5
Published
2022-04-22 09:10
Modified
2024-08-03 00:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.3.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T09:10:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82"
}
],
"source": {
"advisory": "cfba30b4-85fa-4499-9160-cd6e3119310e",
"discovery": "EXTERNAL"
},
"title": "SQL injection in GridHelperService.php in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1429",
"STATE": "PUBLIC",
"TITLE": "SQL injection in GridHelperService.php in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.3.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e"
},
{
"name": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82"
}
]
},
"source": {
"advisory": "cfba30b4-85fa-4499-9160-cd6e3119310e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1429",
"datePublished": "2022-04-22T09:10:10",
"dateReserved": "2022-04-22T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2615 (GCVE-0-2023-2615)
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-27 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T19:41:26.034087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T19:41:38.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a"
},
{
"url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f"
}
],
"source": {
"advisory": "af9c360a-87f8-4e97-a24b-6db675ee942a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2615",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-05-10T00:00:00.000Z",
"dateUpdated": "2025-01-27T19:41:38.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3820 (GCVE-0-2023-3820)
Vulnerability from cvelistv5
Published
2023-07-21 14:44
Modified
2024-10-16 13:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3820",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T13:29:49.583374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:54:24.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.6.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-21T14:44:44.799Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db"
},
{
"url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97"
}
],
"source": {
"advisory": "b00a38b6-d040-494d-bf46-38f46ac1a1db",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3820",
"datePublished": "2023-07-21T14:44:44.799Z",
"dateReserved": "2023-07-21T14:44:31.494Z",
"dateUpdated": "2024-10-16T13:54:24.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4081 (GCVE-0-2021-4081)
Vulnerability from cvelistv5
Published
2021-12-10 10:20
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-10T10:20:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a"
}
],
"source": {
"advisory": "da173e66-76ba-4f98-b8fb-429aabf222d3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4081",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3"
},
{
"name": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a"
}
]
},
"source": {
"advisory": "da173e66-76ba-4f98-b8fb-429aabf222d3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4081",
"datePublished": "2021-12-10T10:20:15",
"dateReserved": "2021-12-09T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0258 (GCVE-0-2022-0258)
Vulnerability from cvelistv5
Published
2022-01-17 15:15
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:38.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThanOrEqual": "10.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T15:15:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd"
}
],
"source": {
"advisory": "0df891e4-6412-4d9a-a9b7-d9df50311802",
"discovery": "EXTERNAL"
},
"title": " SQL Injection in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0258",
"STATE": "PUBLIC",
"TITLE": " SQL Injection in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.2.8"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802"
},
{
"name": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd"
}
]
},
"source": {
"advisory": "0df891e4-6412-4d9a-a9b7-d9df50311802",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0258",
"datePublished": "2022-01-17T15:15:10",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:38.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4139 (GCVE-0-2021-4139)
Vulnerability from cvelistv5
Published
2021-12-21 12:50
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-21T12:50:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245"
}
],
"source": {
"advisory": "6ec59e43-095f-4ba3-8b75-e92250da8e3a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4139",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.7"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a"
},
{
"name": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245"
}
]
},
"source": {
"advisory": "6ec59e43-095f-4ba3-8b75-e92250da8e3a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4139",
"datePublished": "2021-12-21T12:50:10",
"dateReserved": "2021-12-20T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1067 (GCVE-0-2023-1067)
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2025-03-10 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T19:54:41.532360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T19:54:56.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045"
},
{
"url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf"
}
],
"source": {
"advisory": "31d17b34-f80d-49f2-86e7-97ae715cc045",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1067",
"datePublished": "2023-02-27T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-03-10T19:54:56.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0263 (GCVE-0-2022-0263)
Vulnerability from cvelistv5
Published
2022-01-18 15:55
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T15:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911"
}
],
"source": {
"advisory": "96506857-06bc-4c84-88b7-4f397715bcf6",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0263",
"STATE": "PUBLIC",
"TITLE": "Unrestricted Upload of File with Dangerous Type in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.7"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6"
},
{
"name": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911"
}
]
},
"source": {
"advisory": "96506857-06bc-4c84-88b7-4f397715bcf6",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0263",
"datePublished": "2022-01-18T15:55:10",
"dateReserved": "2022-01-17T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4146 (GCVE-0-2021-4146)
Vulnerability from cvelistv5
Published
2022-01-18 15:30
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-840 - Business Logic Errors
Summary
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T15:30:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6"
}
],
"source": {
"advisory": "47b37054-cafe-4f48-8b40-c86efc7fb760",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4146",
"STATE": "PUBLIC",
"TITLE": "Business Logic Errors in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.2.6"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760"
},
{
"name": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6"
}
]
},
"source": {
"advisory": "47b37054-cafe-4f48-8b40-c86efc7fb760",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4146",
"datePublished": "2022-01-18T15:30:12",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3255 (GCVE-0-2022-3255)
Vulnerability from cvelistv5
Published
2022-09-21 12:00
Modified
2025-05-28 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3255",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T15:21:24.868395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T15:21:33.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If an attacker can control a script that is executed in the victim\u0027s browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T12:00:21.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b"
}
],
"source": {
"advisory": "0ea45cf9-b256-454c-9031-2435294c0902",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3255",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in pimcore/pimcore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pimcore/pimcore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.5.7"
}
]
}
}
]
},
"vendor_name": "pimcore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an attacker can control a script that is executed in the victim\u0027s browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902"
},
{
"name": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b",
"refsource": "MISC",
"url": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b"
}
]
},
"source": {
"advisory": "0ea45cf9-b256-454c-9031-2435294c0902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3255",
"datePublished": "2022-09-21T12:00:21.000Z",
"dateReserved": "2022-09-21T00:00:00.000Z",
"dateUpdated": "2025-05-28T15:21:33.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1702 (GCVE-0-2023-1702)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-12 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1702",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:51:36.635999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:52:16.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"
},
{
"url": "https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19"
}
],
"source": {
"advisory": "d8a47f29-3297-4fce-b534-e1d95a2b3e19",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1702",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:52:16.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2341 (GCVE-0-2023-2341)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2341",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:32:03.288924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:32:18.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d"
},
{
"url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11"
}
],
"source": {
"advisory": "cf3901ac-a649-478f-ab08-094ef759c11d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2341",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:32:18.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2338 (GCVE-0-2023-2338)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-02-03 16:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2338",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T16:28:43.287625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:28:46.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"
},
{
"url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"
}
],
"source": {
"advisory": "bbf59fa7-cf5b-4945-81b0-328adc710462",
"discovery": "EXTERNAL"
},
"title": " SQL Injection in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2338",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-02-03T16:28:46.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1703 (GCVE-0-2023-1703)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-12 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:31:27.192757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:31:33.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1"
},
{
"url": "https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef"
}
],
"source": {
"advisory": "d12d105c-18fa-4d08-b591-b0e89e39eec1",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1703",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-12T19:31:33.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2340 (GCVE-0-2023-2340)
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2025-01-31 18:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2340",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:32:45.538619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:32:58.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b"
},
{
"url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e"
}
],
"source": {
"advisory": "964762b0-b4fe-441c-81e1-0ebdbbf80f3b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2340",
"datePublished": "2023-04-27T00:00:00.000Z",
"dateReserved": "2023-04-27T00:00:00.000Z",
"dateUpdated": "2025-01-31T18:32:58.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1517 (GCVE-0-2023-1517)
Vulnerability from cvelistv5
Published
2023-03-20 00:00
Modified
2025-02-26 19:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | pimcore/pimcore |
Version: unspecified < 10.5.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1517",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T19:22:48.766744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T19:22:56.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/pimcore",
"vendor": "pimcore",
"versions": [
{
"lessThan": "10.5.19",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d"
},
{
"url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7"
}
],
"source": {
"advisory": "82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in pimcore/pimcore"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1517",
"datePublished": "2023-03-20T00:00:00.000Z",
"dateReserved": "2023-03-20T00:00:00.000Z",
"dateUpdated": "2025-02-26T19:22:56.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}