Pimcore: >> Pimcore >> 3.1.0 Security Vulnerabilities
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
CVSS Score
4.3
EPSS Score
0.0
Published
2022-01-18
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-01-18
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.3
EPSS Score
0.0
Published
2022-01-17
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.1
EPSS Score
0.0
Published
2022-01-17
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVSS Score
8.3
EPSS Score
0.0
Published
2022-01-17
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.6
EPSS Score
0.0
Published
2021-12-21
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
7.4
EPSS Score
0.0
Published
2021-12-10
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.5
EPSS Score
0.0
Published
2021-12-10
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.0
Published
2021-12-10
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-09-15