CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2341 – Cross-site Scripting (XSS) - Generic in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2341
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11 https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2342 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2342
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564 https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-28850 – Pimcore Perspective Editor vulnerable to Cross-site Scripting in perspective name
https://notcve.org/view.php?id=CVE-2023-28850
Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually. • https://github.com/pimcore/perspective-editor/pull/121.patch https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986 https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1701 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1701
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1703 – Cross-site Scripting (XSS) - Generic in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1703
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •