Page 2 of 115 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub pimcore/pimcore anterior a 11.1.0. • https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. • https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. • https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236 https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •