Version v10.6.9

pimcore/pimcore

Core Framework for the Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

Install Instructions

composer require pimcore/pimcore
Current Version Release Date: December 17, 2024
Language: PHP

pimcore/pimcore Vulnerabilities

Columns: CVE, CVSS Score, CWE(s), EPSS Score, EPSS %, Impacted Versions
CVE-2018-14057 High 8.8 CWE-352 0.00581 0.77949
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2018-14058 Medium 6.5 CWE-89 0.01197 0.84876
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2018-14059 Medium 5.4 CWE-79 0.00748 0.80789
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-10763 Medium 6.5 CWE-89 0.00063 0.2915
  • v6.0.0–v6.2.3
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-10867 High 8.8 CWE-502 0.94881 0.99461
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-16317 High 8.8 CWE-502 0.00098 0.41744
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-16318 High 8.8 CWE-434 0.00104 0.43559
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18981 High 9.8 CWE-838 0.00217 0.59359
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18982 Medium 6.1 CWE-79 0.00077 0.3515
  • v6.0.0–v6.2.3
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18985 High 9.8 CWE-307 0.00217 0.59359
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18986 High 7.5 CWE-307 0.00105 0.43887
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2020-26246 Medium 6.5 CWE-281, CWE-285 0.0005 0.21439
  • v6.0.0–v6.8.4
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-23340 High 7.1 CWE-22 0.0013 0.48344
  • v6.0.0–v6.8.7
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-23405 High 8.3 CWE-89 0.0014 0.50079
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.0.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-37702 High 8 CWE-1236 0.00104 0.43559
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39166 High 8 CWE-79 0.0005 0.21439
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39170 High 8 CWE-116, CWE-79 0.00088 0.39131
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39189 Medium 5.3 CWE-203, CWE-204 0.00131 0.48527
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4081 Medium 6.1 CWE-79 0.00074 0.34163
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4082 Medium 4.3 CWE-352 0.00069 0.32284
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4084 Medium 6.1 CWE-79 0.00074 0.34163
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4139 High 9 CWE-79 0.00173 0.54638
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4146 Medium 4.3 CWE-840 0.00054 0.23785
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0251 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0256 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0257 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0258 High 8.8 CWE-89 0.0014 0.50079
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0260 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0262 Medium 6.1 CWE-79 0.00074 0.34163
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0263 High 7.8 CWE-434 0.00042 0.04956
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0285 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0348 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0509 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0510 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0565 High 7.6 CWE-79, CWE-200 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0665 Medium 6.5 CWE-22 0.00074 0.34181
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.1
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0704 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0705 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0831 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0832 Medium 5.4 CWE-79 0.00073 0.33649
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0893 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0894 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0911 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1219 High 7.5 CWE-89 0.00292 0.68678
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.4
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1339 High 7.5 CWE-89 0.00292 0.68678
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.4
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1351 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1429 High 7.5 CWE-89 0.00292 0.68678
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-2796 Medium 4.8 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-31092 High 7.5 CWE-89 0.00281 0.68015
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.4.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-3211 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-3255 Medium 4.8 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-39365 High 9.8 CWE-94 0.01892 0.88192
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-0323 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.13
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-0827 Medium 5.4 CWE-79 0.00054 0.24432
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
CVE-2023-1067 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1115 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1116 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1117 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1247 Medium 5.4 CWE-79 None None
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0-ALPHA1–v11.0.0-RC2
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1286 Medium 4.8 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1312 Medium 4.8 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1429 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1515 Medium 5.4 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1517 Medium 4.8 CWE-79 0.00054 0.24432
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1578 High 8.8 CWE-89 0.00114 0.45824
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1701 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1702 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1703 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1704 Medium 5.4 CWE-79 0.00058 0.2631
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2322 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2323 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2327 Medium 5.4 CWE-79 0.00077 0.35188
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2328 Medium 5.4 CWE-79 0.00077 0.35188
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2332 Medium 4.8 CWE-79 0.00045 0.1574
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2336 Medium 6.5 CWE-22 0.00087 0.38482
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2338 High 8.8 CWE-89 0.00125 0.4749
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2339 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2340 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2341 Medium 6.1 CWE-79 0.00075 0.34728
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2342 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2343 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2361 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-23937 Medium 5.4 CWE-434 0.00054 0.25116
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.15
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-25240 High 8.8 CWE-352 0.0035 0.71548
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.15
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2614 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2615 Medium 5.4 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2616 Medium 5.4 CWE-79 0.00077 0.35188
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2630 Medium 4.8 CWE-79 0.00059 0.26519
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2730 Medium 5.4 CWE-79 0.00077 0.35188
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28106 Medium 4.8 CWE-79 0.00143 0.50486
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28108 High 7.8 CWE-89 0.00044 0.14307
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28429 Medium 6.1 CWE-79 0.00089 0.39426
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28438 High 8 CWE-89 0.00196 0.57226
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2983 High 8.8 CWE-267 0.0011 0.44907
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.22
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2984 High 8.8 CWE-29 0.00103 0.42969
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.21
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30848 High 8.8 CWE-89 0.00197 0.574
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30849 High 8.8 CWE-89 0.00197 0.574
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30850 High 8.8 CWE-89 0.00197 0.57333
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30852 Medium 4.9 CWE-22 0.00207 0.58307
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30855 High 7.5 CWE-22 0.00092 0.40434
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3673 High 7.2 CWE-89 0.00084 0.37597
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.23
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3819 Medium 6.5 CWE-200 0.00076 0.34824
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3820 High 7.2 CWE-89 0.00084 0.37597
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3821 Medium 5.4 CWE-79 0.00052 0.22559
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3822 Medium 6.1 CWE-79 0.0006 0.27227
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-38708 High 8.8 CWE-22 0.0021 0.58616
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-4453 Medium 5.4 CWE-79 0.00052 0.22559
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-47637 High 8.8 CWE-89 0.00128 0.47873
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0–v11.1.0-RC1
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-5873 Medium 5.4 CWE-79 0.00052 0.22559
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0–v11.1.0-RC1
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18656 Medium 6.1 CWE-79 0.00062 0.28164
  • v6.2.3–v6.3.4
CVE-2020-7759 Medium 6.5 CWE-89 0.00104 0.43559
  • v6.7.2–v6.8.2
CVE-2024-29197 Medium 6.5 CWE-200 0.00043 0.10859
  • v11.0.1–v11.2.1
CVE-2024-32871 High 7.5 CWE-770 0.00056 0.25688
  • v11.0.0–v11.2.3

pimcore/pimcore Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-32871 Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4. v11.1.0, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7 (Show all) Minor → v11.2.4
CVE-2024-29197 Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged-in user could open a preview. This no longer applies. Previews are wide open to any user, and with just the hint of a restricted link one could gain access to possibly confidential or unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. v11.1.0, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7 (Show all) Minor → v11.2.4
CVE-2023-5873 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-47637 Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-4453 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-38708 Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to a potential denial of service through key file overwrite. The impact of this vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3822 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3821 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3820 SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3819 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3673 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30855 Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30852 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to a path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying a sufficient number of `../` patterns to go out from the application webroot, followed by the path of the folder where the file is located, in the `scriptPath` parameter, and the file name in the `scripts` parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30850 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30849 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30848 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2984 Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2983 Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28438 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28429 Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28108 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data without doing proper input validation in advance, and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28106 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2730 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2630 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2616 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2615 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2614 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-25240 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-23937 Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2361 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2343 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2342 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2341 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2340 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2339 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2338 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2336 Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2332 A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2328 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2327 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2323 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2322 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1704 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1703 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1702 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1701 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1578 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1517 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1515 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1429 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1312 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1286 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1247 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1117 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1116 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1115 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1067 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-0827 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-0323 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-39365 Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-3255 If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-3211 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-31092 Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there is the theoretical possibility of injecting custom SQL if the developer uses these methods with input data without doing proper input validation in advance, and so relies on the auto-quoting done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-2796 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1429 SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability can be used to steal data. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1351 Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1339 SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1219 SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0911 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0894 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0893 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0832 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0831 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0705 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0704 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0665 Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0565 Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0510 Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0509 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0348 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0285 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0263 Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0262 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0260 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0258 pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0257 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0256 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0251 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4146 Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4139 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4084 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4082 pimcore is vulnerable to Cross-Site Request Forgery (CSRF) dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4081 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39189 Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39170 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39166 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-37702 Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-23405 This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-23340 This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2020-7759 The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}] v6.8.2, v6.8.1, v6.7.2, v6.8.0, v6.7.3 Major → v11.2.4
CVE-2020-26246 Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18986 Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18985 Pimcore before 6.2.2 lacks brute force protection for the 2FA token. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18982 bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18981 Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18656 Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. v6.2.3, v6.3.3, v6.3.2, v6.3.1, v6.3.4, v6.3.0 Major → v11.2.4
CVE-2019-16318 In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-16317 In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-10867 An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-10763 pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead to data leakage. The vulnerability can be exploited via the 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload to trigger a time-based or error-based SQL injection. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14059 Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14058 Pimcore before 5.3.0 allows SQL Injection via the REST web service API. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14057 Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
