CVE-2023-5873 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-5873
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub pimcore/pimcore anterior a 11.1.0. • https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-5844 – Unverified Password Change in pimcore/admin-ui-classic-bundle
https://notcve.org/view.php?id=CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. Cambio de contraseña no verificado en el repositorio de GitHub pimcore/admin-ui-classic-bundle anterior a 1.2.0. • https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021 • CWE-287: Improper Authentication CWE-620: Unverified Password Change •
CVE-2023-5192 – Excessive Data Query Operations in a Large Data Table in pimcore/demo
https://notcve.org/view.php?id=CVE-2023-5192
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. Operaciones excesivas de consulta de datos en una tabla de datos grande en el repositorio de GitHub pimcore/demo antes de 10.3.0. • https://github.com/pimcore/demo/commit/a2a7ff3b565882aefb759804aac4a51afb458f1f https://huntr.dev/bounties/65c954f2-79c3-4672-8846-a3035e7a1db7 • CWE-1049: Excessive Data Query Operations in a Large Data Table •
CVE-2023-42817 – Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
https://notcve.org/view.php?id=CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. • https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-m988-7375-7g2c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4453 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-4453
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. • https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •