ByteOS

Matching Score-10

CVSS Score-6.7||MEDIUM

EPSS-0.20% / 41.52%

7 Day CHG~0.00%

Published-23 Aug, 2022 | 08:00

Updated-03 Aug, 2024 | 00:46

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-1351

Matching Score-10

Matching Score-10

CVSS Score-6.8||MEDIUM

EPSS-0.03% / 6.26%

7 Day CHG~0.00%

Published-14 Apr, 2022 | 09:15

Updated-03 Aug, 2024 | 00:03

Stored XSS in Tooltip in pimcore/pimcore

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0955

Matching Score-10

Matching Score-10

CVSS Score-6.5||MEDIUM

EPSS-0.02% / 4.97%

7 Day CHG~0.00%

Published-24 Mar, 2022 | 14:45

Updated-02 Aug, 2024 | 23:47

Cross-site Scripting (XSS) - Stored in pimcore/data-hub

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.

Vendor-Pimcore

Product-data-hub pimcore/data-hub

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0893

Matching Score-10

Matching Score-10

CVSS Score-6.8||MEDIUM

EPSS-0.01% / 2.48%

7 Day CHG~0.00%

Published-15 Mar, 2022 | 10:30

Updated-02 Aug, 2024 | 23:47

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0911

Matching Score-10

Matching Score-10

CVSS Score-6.8||MEDIUM

EPSS-0.01% / 2.48%

7 Day CHG~0.00%

Published-16 Mar, 2022 | 09:05

Updated-02 Aug, 2024 | 23:47

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-28106

Matching Score-10

Assigner-GitHub, Inc.

Matching Score-10

Assigner-GitHub, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.06% / 19.81%

7 Day CHG~0.00%

Published-16 Mar, 2023 | 16:31

Updated-25 Feb, 2025 | 14:55

Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.

Vendor-Pimcore

Product-pimcore pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2630

Matching Score-10

Matching Score-10

CVSS Score-5.7||MEDIUM

EPSS-0.00% / 0.06%

7 Day CHG~0.00%

Published-10 May, 2023 | 00:00

Updated-27 Jan, 2025 | 19:39

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2332

Matching Score-10

Matching Score-10

CVSS Score-4||MEDIUM

EPSS-0.00% / 0.05%

7 Day CHG~0.00%

Published-15 Nov, 2024 | 10:57

Updated-19 Nov, 2024 | 15:55

Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.

Vendor-Pimcore

Product-pimcore pimcore/pimcore pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1286

Matching Score-10

Matching Score-10

CVSS Score-4.8||MEDIUM

EPSS-0.00% / 0.03%

7 Day CHG~0.00%

Published-09 Mar, 2023 | 00:00

Updated-28 Feb, 2025 | 16:33

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-30166

Matching Score-10

Assigner-GitHub, Inc.

Matching Score-10

Assigner-GitHub, Inc.

CVSS Score-1.8||LOW

EPSS-0.00% / 0.01%

7 Day CHG~0.00%

Published-08 Apr, 2025 | 11:07

Updated-04 Nov, 2025 | 18:45

Pimcore's Admin Classic Bundle allows HTML Injection

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.

Vendor-Pimcore

Product-admin_classic_bundle admin-ui-classic-bundle

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1312

Matching Score-10

Matching Score-10

CVSS Score-5.2||MEDIUM

EPSS-0.01% / 0.37%

7 Day CHG~0.00%

Published-10 Mar, 2023 | 00:00

Updated-28 Feb, 2025 | 15:37

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1517

Matching Score-10

Matching Score-10

CVSS Score-4||MEDIUM

EPSS-0.00% / 0.04%

7 Day CHG~0.00%

Published-20 Mar, 2023 | 00:00

Updated-26 Feb, 2025 | 19:22

Cross-site Scripting (XSS) - DOM in pimcore/pimcore

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-11954

Matching Score-8

Assigner-VulDB

Matching Score-8

Assigner-VulDB

CVSS Score-5.1||MEDIUM

EPSS-0.08% / 23.43%

7 Day CHG~0.00%

Published-28 Jan, 2025 | 13:14

Updated-04 Nov, 2025 | 17:40

Pimcore Search Document cross site scripting

A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor-n/a Pimcore

Product-pimcore Pimcore

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2022-3211

Matching Score-6

Matching Score-6

CVSS Score-5.8||MEDIUM

EPSS-0.02% / 4.36%

7 Day CHG~0.00%

Published-15 Sep, 2022 | 13:35

Updated-03 Aug, 2024 | 01:00

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-5873

Matching Score-6

Matching Score-6

CVSS Score-4||MEDIUM

EPSS-0.00% / 0.12%

7 Day CHG~0.00%

Published-31 Oct, 2023 | 08:06

Updated-27 Feb, 2025 | 20:38

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-46722

Matching Score-6

Assigner-GitHub, Inc.

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.01% / 2.22%

7 Day CHG~0.00%

Published-31 Oct, 2023 | 15:36

Updated-05 Sep, 2024 | 18:54

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.

Vendor-Pimcore

Product-admin_classic_bundle admin-ui-classic-bundle

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2023-37280

Matching Score-6

Assigner-GitHub, Inc.

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-5||MEDIUM

EPSS-0.01% / 2.16%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 18:19

Updated-23 Oct, 2024 | 15:18

Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.

Vendor-Pimcore

Product-admin_classic_bundle admin-ui-classic-bundle

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0260

Matching Score-6

Matching Score-6

CVSS Score-6.5||MEDIUM

EPSS-0.02% / 5.56%

7 Day CHG~0.00%

Published-18 Jan, 2022 | 15:00

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0705

Matching Score-6

Matching Score-6

CVSS Score-4.2||MEDIUM

EPSS-0.01% / 0.69%

7 Day CHG~0.00%

Published-16 Mar, 2022 | 10:30

Updated-02 Aug, 2024 | 23:40

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0348

Matching Score-6

Matching Score-6

CVSS Score-4.3||MEDIUM

EPSS-0.02% / 5.51%

7 Day CHG~0.00%

Published-27 Jan, 2022 | 14:10

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0509

Matching Score-6

Matching Score-6

CVSS Score-6.6||MEDIUM

EPSS-0.04% / 13.42%

7 Day CHG~0.00%

Published-08 Feb, 2022 | 11:30

Updated-02 Aug, 2024 | 23:32

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0510

Matching Score-6

Matching Score-6

CVSS Score-4.3||MEDIUM

EPSS-0.03% / 9.47%

7 Day CHG~0.00%

Published-08 Feb, 2022 | 14:20

Updated-02 Aug, 2024 | 23:32

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0831

Matching Score-6

Matching Score-6

CVSS Score-4.6||MEDIUM

EPSS-0.13% / 33.00%

7 Day CHG~0.00%

Published-04 Mar, 2022 | 13:35

Updated-02 Aug, 2024 | 23:40

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0262

Matching Score-6

Matching Score-6

CVSS Score-6.6||MEDIUM

EPSS-0.04% / 10.50%

7 Day CHG~0.00%

Published-18 Jan, 2022 | 15:40

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0704

Matching Score-6

Matching Score-6

CVSS Score-4||MEDIUM

EPSS-0.03% / 8.21%

7 Day CHG~0.00%

Published-16 Mar, 2022 | 09:15

Updated-02 Aug, 2024 | 23:40

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0251

Matching Score-6

Matching Score-6

CVSS Score-8.1||HIGH

EPSS-0.01% / 1.44%

7 Day CHG~0.00%

Published-26 Jan, 2022 | 10:35

Updated-02 Aug, 2024 | 23:18

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0285

Matching Score-6

Matching Score-6

CVSS Score-6.6||MEDIUM

EPSS-0.04% / 11.12%

7 Day CHG~0.00%

Published-20 Jan, 2022 | 15:00

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0894

Matching Score-6

Matching Score-6

CVSS Score-8.2||HIGH

EPSS-0.01% / 1.03%

7 Day CHG~0.00%

Published-15 Mar, 2022 | 10:30

Updated-02 Aug, 2024 | 23:47

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0565

Matching Score-6

Matching Score-6

CVSS Score-7.6||HIGH

EPSS-0.04% / 13.21%

7 Day CHG~0.00%

Published-12 Feb, 2022 | 12:30

Updated-19 Nov, 2024 | 19:16

Cross-site Scripting in pimcore/pimcore

Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0832

Matching Score-6

Matching Score-6

CVSS Score-4.6||MEDIUM

EPSS-0.18% / 39.85%

7 Day CHG~0.00%

Published-04 Mar, 2022 | 13:40

Updated-02 Aug, 2024 | 23:40

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0256

Matching Score-6

Matching Score-6

CVSS Score-5.3||MEDIUM

EPSS-0.01% / 0.92%

7 Day CHG~0.00%

Published-17 Jan, 2022 | 15:10

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0257

Matching Score-6

Matching Score-6

CVSS Score-6.1||MEDIUM

EPSS-0.02% / 3.39%

7 Day CHG~0.00%

Published-17 Jan, 2022 | 15:15

Updated-02 Aug, 2024 | 23:25

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-14059

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.01% / 0.30%

7 Day CHG~0.00%

Published-24 Aug, 2018 | 22:00

Updated-05 Aug, 2024 | 09:21

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

Vendor-n/a Pimcore

Product-pimcore n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2730

Matching Score-6

Matching Score-6

CVSS Score-6.3||MEDIUM

EPSS-0.01% / 0.34%

7 Day CHG~0.00%

Published-16 May, 2023 | 00:00

Updated-22 Jan, 2025 | 21:17

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2614

Matching Score-6

Matching Score-6

CVSS Score-6.8||MEDIUM

EPSS-0.00% / 0.11%

7 Day CHG~0.00%

Published-10 May, 2023 | 00:00

Updated-27 Jan, 2025 | 19:42

Cross-site Scripting (XSS) - DOM in pimcore/pimcore

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2616

Matching Score-6

Matching Score-6

CVSS Score-6.8||MEDIUM

EPSS-0.00% / 0.11%

7 Day CHG~0.00%

Published-10 May, 2023 | 00:00

Updated-27 Jan, 2025 | 19:40

Cross-site Scripting (XSS) - Generic in pimcore/pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2615

Matching Score-6

Matching Score-6

CVSS Score-6.8||MEDIUM

EPSS-0.00% / 0.11%

7 Day CHG~0.00%

Published-10 May, 2023 | 00:00

Updated-27 Jan, 2025 | 19:41

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2327

Matching Score-6

Matching Score-6

CVSS Score-4||MEDIUM

EPSS-0.00% / 0.05%

7 Day CHG~0.00%

Published-27 Apr, 2023 | 00:00

Updated-31 Jan, 2025 | 18:33

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2323

Matching Score-6

Matching Score-6

CVSS Score-6.8||MEDIUM

EPSS-0.00% / 0.04%

7 Day CHG~0.00%

Published-27 Apr, 2023 | 00:00

Updated-31 Jan, 2025 | 18:34

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1116

Matching Score-6

Matching Score-6

CVSS Score-5.4||MEDIUM

EPSS-0.00% / 0.02%

7 Day CHG~0.00%

Published-01 Mar, 2023 | 00:00

Updated-07 Mar, 2025 | 18:33

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1117

Matching Score-6

Matching Score-6

CVSS Score-4.8||MEDIUM

EPSS-0.00% / 0.01%

7 Day CHG~0.00%

Published-01 Mar, 2023 | 00:00

Updated-07 Mar, 2025 | 18:32

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1704

Matching Score-6

Matching Score-6

CVSS Score-5.1||MEDIUM

EPSS-0.00% / 0.03%

7 Day CHG~0.00%

Published-29 Mar, 2023 | 00:00

Updated-12 Feb, 2025 | 19:31

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1702

Matching Score-6

Matching Score-6

CVSS Score-4||MEDIUM

EPSS-0.00% / 0.02%

7 Day CHG~0.00%

Published-29 Mar, 2023 | 00:00

Updated-12 Feb, 2025 | 16:52

Cross-site Scripting (XSS) - Generic in pimcore/pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-0827

Matching Score-6

Matching Score-6

CVSS Score-6.3||MEDIUM

EPSS-0.02% / 5.04%

7 Day CHG~0.00%

Published-14 Feb, 2023 | 00:00

Updated-20 Mar, 2025 | 18:49

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-4139

Matching Score-6

Matching Score-6

CVSS Score-6.6||MEDIUM

EPSS-0.02% / 5.51%

7 Day CHG~0.00%

Published-21 Dec, 2021 | 12:50

Updated-03 Aug, 2024 | 17:16

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-0323

Matching Score-6

Matching Score-6

CVSS Score-6.1||MEDIUM

EPSS-0.01% / 0.97%

7 Day CHG~0.00%

Published-16 Jan, 2023 | 00:00

Updated-07 Apr, 2025 | 15:08

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-4081

Matching Score-6

Matching Score-6

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 1.35%

7 Day CHG~0.00%

Published-10 Dec, 2021 | 10:20

Updated-03 Aug, 2024 | 17:16

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-4084

Matching Score-6

Matching Score-6

CVSS Score-7.4||HIGH

EPSS-0.02% / 4.93%

7 Day CHG~0.00%

Published-10 Dec, 2021 | 11:15

Updated-03 Aug, 2024 | 17:16

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vendor-Pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-39166

Matching Score-6

Assigner-GitHub, Inc.

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-8||HIGH

EPSS-0.02% / 4.36%

7 Day CHG~0.00%

Published-01 Sep, 2021 | 14:00

Updated-04 Aug, 2024 | 01:58

Improper Neutralization of Text-Values in Object Version Preview

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2.

Vendor-Pimcore

Product-pimcore pimcore

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-39170

Matching Score-6

Assigner-GitHub, Inc.