Pimcore: >> Pimcore >> 1.5.17 Security Vulnerabilities
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
CVSS Score
5.4
EPSS Score
0.0
Published
2018-08-24
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
CVSS Score
8.8
EPSS Score
0.0
Published
2018-08-17
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-08-17
Page 12