CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1429 – SQL injection in GridHelperService.php in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2022-1429
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data Una inyección SQL en el archivo GridHelperService.php en el repositorio de GitHub pimcore/pimcore versiones anteriores a 10.3.6. Esta vulnerabilidad es capaz de robar los datos • https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82 https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1351 – Stored XSS in Tooltip in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2022-1351
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. Una vulnerabilidad de tipo XSS almacenado en Tooltip en el repositorio de GitHub pimcore/pimcore versiones anteriores a 10.4 • https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1339 – SQL injection in ElementController.php in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data Una Inyección SQL en el archivo ElementController.php en el repositorio de GitHub pimcore/pimcore versiones anteriores a 10.3.5. Esta vulnerabilidad es capaz de robar los datos • https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1219 – SQL injection in RecyclebinController.php in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data Una inyección SQL en el archivo RecyclebinController.php en el repositorio de GitHub pimcore/pimcore versiones anteriores a 10.3.5. Esta vulnerabilidad es capaz de robar los datos • https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017 https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0705 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2022-0705
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub pimcore/pimcore versiones anteriores a 10.4.0 • https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9 https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •