CVE-2023-1703 – Cross-site Scripting (XSS) - Generic in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1703
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1702 – Cross-site Scripting (XSS) - Generic in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1702
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-1704 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1704
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0 https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28438 – Pimcore vulnerable to improper quoting of filters in Custom Reports
https://notcve.org/view.php?id=CVE-2023-28438
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. • https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch https://github.com/pimcore/pimcore/pull/14526 https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-1578 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1578
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. • https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2 https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •