Pimcore: Security Vulnerabilities
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
CVSS Score: 6.3
EPSS Score: 0.0
Published: 2023-05-30

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
CVSS Score: 6.7
EPSS Score: 0.0
Published: 2023-05-25

SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
CVSS Score: 6.5
EPSS Score: 0.055
Published: 2023-05-17

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVSS Score: 6.3
EPSS Score: 0.0
Published: 2023-05-16

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can lead to illogical counter values in the `Conditions` tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2023-05-11

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score: 5.7
EPSS Score: 0.0
Published: 2023-05-10

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVSS Score: 5.0
EPSS Score: 0.0
Published: 2023-05-10

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2023-05-10

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2023-05-10

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2023-05-10

