Version v10.6.9

pimcore/pimcore

Core Framework for the Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

Install Instructions

composer require pimcore/pimcore
Current Version Release Date October 08, 2024
Language PHP

Find pimcore/pimcore vulnerabilities in your supply chain.

Scan for Free

pimcore/pimcore Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2018-14057 High 8.8 CWE-352 0.00539 0.77759
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2018-14058 Medium 6.5 CWE-89 0.00911 0.83308
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2018-14059 Medium 5.4 CWE-79 0.00279 0.68862
  • v5.0.0–v5.2.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-10763 Medium 6.5 CWE-89 0.00065 0.29728
  • v6.0.0–v6.2.3
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-10867 High 8.8 CWE-502 0.84641 0.98592
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-16317 High 8.8 CWE-502 0.00097 0.41789
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-16318 High 8.8 CWE-434 0.00104 0.43655
  • v5.0.0–v5.7.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18981 High 9.8 CWE-838 0.00217 0.60245
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18982 Medium 6.1 CWE-79 0.00077 0.342
  • v6.0.0–v6.2.3
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18985 High 9.8 CWE-307 0.00217 0.60245
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18986 High 7.5 CWE-307 0.00105 0.44042
  • v6.0.0–v6.2.1
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2020-26246 Medium 6.5 CWE-285, CWE-281 0.0005 0.20556
  • v6.0.0–v6.8.4
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-23340 High 7.1 CWE-22 0.00072 0.32694
  • v6.0.0–v6.8.7
  • v5.0.0–v5.8.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-23405 High 8.8 CWE-89 0.00096 0.41323
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.0.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-37702 High 8.8 CWE-1236 0.00104 0.43702
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39166 Medium 5.4 CWE-79 0.0005 0.20556
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39170 Medium 5.4 CWE-79, CWE-116 0.00073 0.33025
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-39189 Medium 5.3 CWE-203 0.00095 0.41205
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.1.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4081 Medium 6.1 CWE-79 0.00076 0.33939
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4082 Medium 4.3 CWE-352 0.00071 0.32314
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4084 Medium 6.1 CWE-79 0.00076 0.33939
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4139 High 9 CWE-79 0.00096 0.41323
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2021-4146 Medium 4.3 CWE-840 0.00053 0.22407
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0251 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0256 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0257 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0258 High 8.8 CWE-89 0.00098 0.41946
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0260 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0262 Medium 6.1 CWE-79 0.00076 0.33939
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0263 High 7.8 CWE-434 0.00048 0.18923
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0285 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0348 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.2.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0509 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0510 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0565 Medium 6.4 CWE-200, CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.0
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0665 Medium 6.5 CWE-22 0.00076 0.34104
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.1
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0704 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0705 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0831 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0832 Medium 5.4 CWE-79 0.00073 0.32798
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0893 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0894 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-0911 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1219 High 7.5 CWE-89 0.00184 0.56482
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.4
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1339 High 7.5 CWE-89 0.00184 0.56482
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.4
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1351 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-1429 High 7.5 CWE-89 0.00184 0.56482
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-2796 Medium 4.8 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-31092 High 8.1 CWE-89 0.00303 0.70214
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.4.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-3211 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.5
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-3255 Medium 4.8 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2022-39365 High 9.8 CWE-94 0.01738 0.88299
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.8
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-0323 Medium 5.4 CWE-79 0.00053 0.22598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.13
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-0827 Medium 5.4 CWE-79 0.00058 0.2598
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
CVE-2023-1067 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1115 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1116 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1117 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1247 Medium 5.4 CWE-79 None None
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0-ALPHA1–v11.0.0-RC2
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1286 Medium 4.8 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1312 Medium 4.8 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1429 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1515 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1517 Medium 4.8 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1578 High 8.8 CWE-89 0.00088 0.38625
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1701 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1702 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1703 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-1704 Medium 5.4 CWE-79 0.00058 0.2598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.19
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2322 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2323 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2327 Medium 5.4 CWE-79 0.0008 0.35598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2328 Medium 5.4 CWE-79 0.0008 0.35598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2332 Unknown CWE-79 None None
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2336 Medium 6.5 CWE-22 0.00062 0.28025
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2338 High 8.8 CWE-89 0.00092 0.40563
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2339 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2340 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2341 Medium 6.1 CWE-79 0.00072 0.32664
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2342 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2343 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2361 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-23937 Medium 5.4 CWE-434 0.00054 0.2404
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.15
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-25240 High 8.8 CWE-352 0.00224 0.61188
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.15
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2614 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2615 Medium 5.4 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2616 Medium 5.4 CWE-79 0.0008 0.35598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2630 Medium 4.8 CWE-79 0.00056 0.24666
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2730 Medium 5.4 CWE-79 0.0008 0.35598
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.3.2
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28106 Medium 4.8 CWE-79 0.00085 0.37246
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28108 High 7.8 CWE-89 0.00044 0.13744
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28429 Medium 6.1 CWE-79 0.00089 0.39218
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-28438 High 8 CWE-89 0.00167 0.5424
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.18
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2983 High 8.8 CWE-267 0.0011 0.45237
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.22
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-2984 High 8.8 CWE-29 0.0011 0.45237
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.21
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30848 High 8.8 CWE-89 0.00179 0.55962
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30849 High 8.8 CWE-89 0.00179 0.55962
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30850 High 8.8 CWE-89 0.00179 0.55907
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30852 Medium 4.9 CWE-22 0.00117 0.46752
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.20
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-30855 High 7.5 CWE-22 0.00159 0.53202
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.17
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3673 High 7.2 CWE-89 0.00072 0.32396
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.5.23
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3819 Medium 6.5 CWE-200 0.00067 0.30935
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3820 High 7.2 CWE-89 0.00072 0.32396
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3821 Medium 5.4 CWE-79 0.00056 0.24439
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-3822 Medium 6.1 CWE-79 0.00075 0.33731
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.3
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-38708 High 8.8 CWE-22 0.00148 0.51743
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.6
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-4453 Medium 5.4 CWE-79 0.00056 0.24439
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v10.0.0–v10.6.7
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-47637 High 8.8 CWE-89 0.00071 0.32171
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0–v11.1.0-RC1
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2023-5873 Medium 5.4 CWE-79 0.00056 0.24439
  • v6.0.0–v6.9.6
  • v5.0.0–v5.8.9
  • v11.0.0–v11.1.0-RC1
  • v10.0.0–v10.6.9
  • dev-vulnerabilities_ignore_list
  • dev-update-license
  • dev-twig-block-poc
  • dev-translation-fallback
  • dev-stale_config_update
  • dev-poc_capture_node
  • dev-phpstan-september
  • dev-fix-metadata-unique-constraint
  • dev-fix-asset-rename
  • dev-element-dto
  • dev-custom-reports-improvements
  • dev-csfixer-pimcore-only-1
  • dev-cs-fixer-check
  • dev-creteproject-cache-clear
  • dev-2753-fix-filter-type
  • dev-14463-task-ecom-framework-js-and-css-updates
  • 10.0.8
  • 4.0.0–4.6.5
  • 3.0.0–3.1.1
  • 2.2.0–2.3.0
CVE-2019-18656 Medium 6.1 CWE-79 0.00078 0.35003
  • v6.2.3–v6.3.4
CVE-2020-7759 High 7.2 CWE-89 0.00104 0.43702
  • v6.7.2–v6.8.2
CVE-2024-29197 Medium 6.5 CWE-200 0.00043 0.10003
  • v11.0.1–v11.2.1
CVE-2024-32871 High 7.5 CWE-770 0.00056 0.24695
  • v11.0.0–v11.2.3

pimcore/pimcore Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-32871 Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4. v11.1.0, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7 (Show all) Minor → v11.2.4
CVE-2024-29197 Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. v11.1.0, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7 (Show all) Minor → v11.2.4
CVE-2023-5873 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-47637 Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-4453 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-38708 Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3822 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3821 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3820 SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3819 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-3673 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30855 Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30852 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30850 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30849 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-30848 Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2984 Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2983 Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28438 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28429 Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28108 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-28106 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2730 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2630 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2616 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2615 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2614 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-25240 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-23937 Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2361 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2343 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2342 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2341 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2340 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2339 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2338 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2336 Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2332 None dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2328 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2327 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2323 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-2322 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1704 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1703 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1702 Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1701 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1578 SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1517 Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1515 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1429 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1312 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1286 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1247 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1117 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1116 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1115 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-1067 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-0827 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2023-0323 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-39365 Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-3255 If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-3211 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-31092 Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-2796 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1429 SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1351 Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1339 SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-1219 SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0911 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0894 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0893 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0832 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0831 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0705 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0704 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0665 Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0565 Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0510 Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0509 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0348 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0285 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0263 Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0262 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0260 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0258 pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0257 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0256 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2022-0251 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4146 Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4139 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4084 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4082 pimcore is vulnerable to Cross-Site Request Forgery (CSRF) dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-4081 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39189 Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39170 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-39166 Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-37702 Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-23405 This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2021-23340 This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2020-7759 The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}] v6.8.2, v6.8.1, v6.7.2, v6.8.0, v6.7.3 Major → v11.2.4
CVE-2020-26246 Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18986 Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18985 Pimcore before 6.2.2 lacks brute force protection for the 2FA token. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18982 bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18981 Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-18656 Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. v6.2.3, v6.3.3, v6.3.2, v6.3.1, v6.3.4, v6.3.0 Major → v11.2.4
CVE-2019-16318 In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-16317 In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-10867 An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2019-10763 pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload for trigger a time based or error based sql injection. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14059 Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14058 Pimcore before 5.3.0 allows SQL Injection via the REST web service API. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4
CVE-2018-14057 Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. dev-phpstan-september, dev-cs-fixer-check, dev-custom-reports-improvements, dev-fix-asset-rename, dev-update-license, dev-vulnerabilities_ignore_list, dev-2753-fix-filter-type, dev-element-dto (Show all) Patch → v11.2.4

Instantly see if these pimcore/pimcore vulnerabilities affect your code.

Scan for Free