CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2361 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2361
28 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30852 – Pimcore Arbitrary File Read in Admin JS CSS files
https://notcve.org/view.php?id=CVE-2023-30852
27 Apr 2023 — Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to ... • https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30850 – Pimcore SQL Injection Vulnerability in Admin Translations API
https://notcve.org/view.php?id=CVE-2023-30850
27 Apr 2023 — Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. • https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30849 – Pimcore vulnerable to SQL Injection in Translation Export API
https://notcve.org/view.php?id=CVE-2023-30849
27 Apr 2023 — Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. • https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30848 – Pimcore SQL Injection Vulnerability in Admin Search Find API
https://notcve.org/view.php?id=CVE-2023-30848
27 Apr 2023 — Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. • https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2327 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2327
27 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2339 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2339
27 Apr 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2322 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2322
27 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2323 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2323
27 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2328 – Cross-site Scripting (XSS) - Generic in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-2328
27 Apr 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. • https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •