Shodan
Vulnerabilities
Vulnerable Software
Pimcore:  Security Vulnerabilities
CVE-2023-2730
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-05-16
CVE-2023-32075
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, or apply the patch manually.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-11
CVE-2023-2630
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score
5.7
EPSS Score
0.0
Published
2023-05-10
CVE-2023-2629
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
CVSS Score
5.0
EPSS Score
0.0
Published
2023-05-10
CVE-2023-2615
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-05-10
CVE-2023-2614
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-05-10
CVE-2023-2616
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-05-10
CVE-2023-30855
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-05-08
CVE-2023-2361
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-04-28
CVE-2023-30850
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved