Show filters
144 Total Results
Displaying 111-120 of 144
Sort by:
Attacker Value
Unknown

CVE-2021-4146

Disclosure Date: January 18, 2022 (last updated February 23, 2025)
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0260

Disclosure Date: January 18, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0258

Disclosure Date: January 17, 2022 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0257

Disclosure Date: January 17, 2022 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0256

Disclosure Date: January 17, 2022 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4139

Disclosure Date: December 21, 2021 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4084

Disclosure Date: December 10, 2021 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4082

Disclosure Date: December 10, 2021 (last updated February 23, 2025)
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-4081

Disclosure Date: December 10, 2021 (last updated February 23, 2025)
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-39189

Disclosure Date: September 15, 2021 (last updated February 23, 2025)
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
0
0
View More Topics  < Previous  Next >