Page 10 of 141 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. • https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch https://github.com/pimcore/pimcore/pull/14972 https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773 https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520 https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •