CVE-2023-3821 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3821
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-3820 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3820
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97 https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-3819 – Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3819
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. • https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54 https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-3673 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. • https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9 https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-2983 – Privilege Defined With Unsafe Actions in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2983
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. • https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1 • CWE-267: Privilege Defined With Unsafe Actions •