CVE-2021-4084 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2021-4084
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); the stored payload is rendered into a page unescaped.
References: https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065 ; https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4081 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2021-4081
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); request input is reflected into the response unescaped.
References: https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a ; https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4082 – Cross-Site Request Forgery (CSRF) in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2021-4082
pimcore is vulnerable to Cross-Site Request Forgery (CSRF).
References: https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28 ; https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-39189 – Observable Response Discrepancy in Lost Password Service
https://notcve.org/view.php?id=CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, the lost-password (forgot password) service responds differently depending on whether the submitted username exists, so an unauthenticated client can enumerate valid usernames. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
References: https://github.com/pimcore/pimcore/pull/10223.patch ; https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce ; https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9 ; https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c
CWE-203: Observable Discrepancy ; CWE-204: Observable Response Discrepancy
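The following is an added example, not Pimcore's own code: it models a lost-password endpoint in Python, once in the vulnerable shape the advisory describes (the response reveals whether the account exists) and once with a uniform response, and includes the probe a tester would run to confirm the discrepancy. The user store, the message texts and the handler names are constructed for the example and are not taken from Pimcore.

```python
import secrets

# Constructed user store for the example; not Pimcore's user model.
USERS = {
    "admin": "admin@example.invalid",
    "editor": "editor@example.invalid",
}


def lost_password_vulnerable(username: str) -> dict:
    """Models the pre-fix behaviour (CWE-204): the response differs for
    unknown and known usernames, so an attacker can tell them apart."""
    if username not in USERS:
        return {"status": 404, "message": "User not found"}
    # In a real handler a reset mail would be sent to USERS[username] here.
    return {"status": 200, "message": "A password reset link has been sent"}


def lost_password_fixed(username: str) -> dict:
    """Hardened shape: identical status and body whether or not the user
    exists. The mail is sent only for real accounts, but nothing about that
    branch is observable in the HTTP response."""
    if username in USERS:
        pass  # send reset mail to USERS[username]; no change to the response
    return {
        "status": 200,
        "message": "If an account with that name exists, a reset link has been sent",
    }


def probe_enumeration(handler, candidates) -> set:
    """Tester's check: compare each candidate's response with the response for
    a username that certainly does not exist. Any candidate whose response
    differs is confirmed as an existing account. Returns the enumerated set;
    an empty set means no discrepancy was observable."""
    canary = "no-such-user-" + secrets.token_hex(8)
    baseline = handler(canary)
    found = set()
    for name in candidates:
        resp = handler(name)
        if (resp["status"], resp["message"]) != (baseline["status"], baseline["message"]):
            found.add(name)
    return found


if __name__ == "__main__":
    wordlist = ["admin", "editor", "root", "nobody"]
    print("vulnerable:", sorted(probe_enumeration(lost_password_vulnerable, wordlist)))
    print("fixed:     ", sorted(probe_enumeration(lost_password_fixed, wordlist)))
```

The probe compares only status code and body; against a live target a tester would also compare response length, headers and timing, because a handler that sends mail only for existing accounts can still leak the same bit through latency even when the body is uniform.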
CVE-2021-39170 – Improper Encoding or Escaping of Output in Asset Metadata Component
https://notcve.org/view.php?id=CVE-2021-39170
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could store XSS code as the value of custom metadata on an asset; the value was later rendered without proper encoding. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually.
References: https://github.com/pimcore/pimcore/pull/10178 ; https://github.com/pimcore/pimcore/pull/10178.patch ; https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f ; https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ; CWE-116: Improper Encoding or Escaping of Output
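An added example, not code from Pimcore: the CWE-116 pattern behind this entry (and the stored/reflected CWE-79 entries above) is a stored string written into HTML without output encoding. The Python below models a metadata table renderer in the vulnerable form next to an escaped form and gives a check that a reviewer can run on rendered output. The metadata records, field names and function names are constructed for the example; Pimcore's real rendering path is not reproduced here.

```python
import html

# Constructed asset metadata as an authenticated user could submit it.
# The second entry carries an XSS payload in the value field.
XSS_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
ASSET_METADATA = [
    {"name": "title", "type": "input", "data": "Summer campaign"},
    {"name": "caption", "type": "input", "data": XSS_PAYLOAD},
]


def render_metadata_unescaped(entries) -> str:
    """Vulnerable pattern (CWE-116): stored values are interpolated straight
    into the HTML, so a value containing markup becomes part of the DOM."""
    rows = "".join(
        f"<tr><td>{e['name']}</td><td>{e['data']}</td></tr>" for e in entries
    )
    return f"<table>{rows}</table>"


def render_metadata_escaped(entries) -> str:
    """Hardened pattern: every untrusted field is HTML-escaped for the text
    context it lands in. quote=True also covers attribute quotes, so the same
    helper is safe if a value is ever placed inside a quoted attribute."""
    rows = "".join(
        f"<tr><td>{html.escape(str(e['name']), quote=True)}</td>"
        f"<td>{html.escape(str(e['data']), quote=True)}</td></tr>"
        for e in entries
    )
    return f"<table>{rows}</table>"


def payload_survives(rendered: str, payload: str) -> bool:
    """Reviewer's check: True when the raw payload appears verbatim in the
    rendered page, which means a browser would parse it as live markup."""
    return payload in rendered


if __name__ == "__main__":
    for name, renderer in (("unescaped", render_metadata_unescaped),
                           ("escaped", render_metadata_escaped)):
        out = renderer(ASSET_METADATA)
        print(f"{name}: payload live = {payload_survives(out, XSS_PAYLOAD)}")
        print(out)
```

Escaping at the point of output is the fix the CWE names; rejecting angle brackets at input time is a weaker substitute because the same value may be rendered in other contexts (JSON, JavaScript strings, attributes) that need different encoders.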