Page 8 of 112 results (0.027 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. • https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0 https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. • https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch https://github.com/pimcore/pimcore/pull/14526 https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •