CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3673 – SQL Injection in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-3673
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. • https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9 https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2983 – Privilege Defined With Unsafe Actions in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2983
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. • https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-2984 – Path Traversal: '\..\filename' in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2984
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. • https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2730 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2730
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. • https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878 https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2614 – Cross-site Scripting (XSS) - DOM in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2614
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7 https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •