
CVE-2023-1312 – Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1312
10 Mar 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. • https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1286 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1286
09 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. • https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1117 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1117
01 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. • https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1115 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1115
01 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. • https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1116 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1116
01 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. • https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-1067 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-1067
27 Feb 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. • https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0827 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-0827
14 Feb 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. • https://github.com/pimcore/pimcore/commit/f4050586136cb4c44e3d6042111a1b87b340df95 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-25240
https://notcve.org/view.php?id=CVE-2023-25240
13 Feb 2023 — An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pimcore/pimCore-10.5.15 • CWE-1265: Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls •

CVE-2023-23937 – Missing file upload type validation in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-23937
03 Feb 2023 — Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patch... • https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-0323 – Cross-site Scripting (XSS) - Stored in pimcore/pimcore
https://notcve.org/view.php?id=CVE-2023-0323
16 Jan 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. • https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •