CVE-2024-32871 |
Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in file size than the original. This vulnerability is fixed in 11.2.4. |
v11.1.0,
v11.1.0-RC1,
v11.0.12,
v11.0.11,
v11.0.10,
v11.0.9,
v11.0.8,
v11.0.7
, v11.0.6, v11.0.5, v11.0.4, v11.0.3, v11.0.1, v11.0.0, v11.0.2, v11.2.3, v11.2.2, v11.2.0, v11.2.1, v11.1.6, v11.1.4, v11.1.3, v11.1.5, v11.1.2, v11.1.1
|
Minor → v11.2.4 |
CVE-2024-29197 |
Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged-in user could open a preview. This no longer applies. Previews are wide open to any user, and with just the hint of a restricted link one could gain access to possibly confidential / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.
|
v11.1.0,
v11.1.0-RC1,
v11.0.12,
v11.0.11,
v11.0.10,
v11.0.9,
v11.0.8,
v11.0.7
, v11.0.6, v11.0.5, v11.0.4, v11.0.3, v11.0.1, v11.0.2, v11.2.0, v11.2.1, v11.1.6, v11.1.4, v11.1.3, v11.1.5, v11.1.2, v11.1.1
|
Minor → v11.2.4 |
CVE-2023-5873 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.9, v11.0.0-ALPHA1, v10.6.8, v10.6.7, v10.6.3, 
v10.5.25, v10.6.6, v10.6.5, v10.6.4, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.6.0, v10.5.17, v10.5.22, v10.5.19, v11.0.0-RC2, v11.0.0-RC1, v11.0.0-BETA1, v11.0.0-ALPHA7, v11.0.0-ALPHA6, v11.0.0-ALPHA4, v10.5.24, v11.0.0-ALPHA5, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v11.0.0-ALPHA8, v11.0.0-ALPHA3, v11.0.0-ALPHA2, v10.6.2, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7, v11.0.6, v11.0.5, v11.0.4, v11.0.3, v11.0.1, v11.0.0, v11.0.2
|
Patch → v11.2.4 |
CVE-2023-47637 |
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.9, v11.0.0-ALPHA1, v10.6.8, v10.6.7, v10.6.3, 
v10.5.25, v10.6.6, v10.6.5, v10.6.4, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.6.0, v10.5.17, v10.5.22, v10.5.19, v11.0.0-RC2, v11.0.0-RC1, v11.0.0-BETA1, v11.0.0-ALPHA7, v11.0.0-ALPHA6, v11.0.0-ALPHA4, v10.5.24, v11.0.0-ALPHA5, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v11.0.0-ALPHA8, v11.0.0-ALPHA3, v11.0.0-ALPHA2, v10.6.2, v11.1.0, v11.1.0-RC1, v11.0.12, v11.0.11, v11.0.10, v11.0.9, v11.0.8, v11.0.7, v11.0.6, v11.0.5, v11.0.4, v11.0.3, v11.0.1, v11.0.0, v11.0.2
|
Patch → v11.2.4 |
CVE-2023-4453 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.7, v10.6.3, v10.5.25, v10.6.6, v10.6.5, v10.6.4, 
v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-38708 |
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the `pimcore_log` parameter. This can lead to potential denial of service via key file overwrite.
This vulnerability allows attackers to overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.3, v10.5.25, v10.6.6, v10.6.5, v10.6.4, v10.5.16, 
v10.5.15, v10.5.14, v10.5.18, v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-3822 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.3, v10.5.25, v10.5.16, v10.5.15, v10.5.14, v10.5.18, 
v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-3821 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.3, v10.5.25, v10.5.16, v10.5.15, v10.5.14, v10.5.18, 
v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-3820 |
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.3, v10.5.25, v10.5.16, v10.5.15, v10.5.14, v10.5.18, 
v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-3819 |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.3, v10.5.25, v10.5.16, v10.5.15, v10.5.14, v10.5.18, 
v10.6.0, v10.5.17, v10.5.22, v10.5.19, v10.5.24, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-3673 |
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.22, 
v10.5.19, v10.5.23, v10.5.21, v10.5.20
|
Patch → v11.2.4 |
CVE-2023-30855 |
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-30852 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint, which is accessible by an authenticated administrator user, is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to a path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying a sufficient number of `../` patterns to go out from the application webroot, followed by the path of the folder where the file is located, in the `scriptPath` parameter and the file name in the `scripts` parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-30850 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-30849 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-30848 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2984 |
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.21, v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2983 |
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.22, 
v10.5.19, v10.5.21, v10.5.20
|
Patch → v11.2.4 |
CVE-2023-28438 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, a user with 'report' permission can already write arbitrary SQL queries, and because this endpoint uses the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user into clicking on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-28429 |
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in the DataObject class definition. An attacker could use this vulnerability to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-28108 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is a theoretical possibility of injecting custom SQL if a developer uses these methods with input data without validating the input in advance, relying instead on the auto-quoting done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-28106 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-2730 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.2.10
|
Patch → v11.2.4 |
CVE-2023-2630 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2616 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2615 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2614 |
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-25240 |
An improper SameSite Attribute vulnerability in Pimcore v10.5.15 allows attackers to execute arbitrary code. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.15, v10.5.14
|
Patch → v11.2.4 |
CVE-2023-23937 |
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce.
The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.15, v10.5.14
|
Patch → v11.2.4 |
CVE-2023-2361 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2343 |
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2342 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2341 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2340 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2339 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2338 |
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2336 |
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2332 |
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore version 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2328 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2327 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2323 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-2322 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19, 
v10.5.20
|
Patch → v11.2.4 |
CVE-2023-1704 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19
|
Patch → v11.2.4 |
CVE-2023-1703 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19
|
Patch → v11.2.4 |
CVE-2023-1702 |
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19
|
Patch → v11.2.4 |
CVE-2023-1701 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17, v10.5.19
|
Patch → v11.2.4 |
CVE-2023-1578 |
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1517 |
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1515 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1429 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1312 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1286 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1247 |
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.6.9, v11.0.0-ALPHA1, v10.6.8, v10.6.7, v10.6.3, 
v10.5.25, v10.6.6, v10.6.5, v10.6.4, v10.5.16, v10.5.15, v10.5.14, v10.5.18, v10.6.0, v10.5.17, v10.5.22, v10.5.19, v11.0.0-RC2, v11.0.0-RC1, v11.0.0-BETA1, v11.0.0-ALPHA7, v11.0.0-ALPHA6, v11.0.0-ALPHA4, v10.5.24, v11.0.0-ALPHA5, v10.5.23, v10.5.21, v10.5.20, v10.6.1, v11.0.0-ALPHA8, v11.0.0-ALPHA3, v11.0.0-ALPHA2, v10.6.2
|
Patch → v11.2.4 |
CVE-2023-1117 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1116 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1115 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-1067 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6, v10.5.16, v10.5.15, v10.5.14, v10.5.17
|
Patch → v11.2.4 |
CVE-2023-0827 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, dev-translation-fallback, dev-stale_config_update
|
Patch → v11.2.4 |
CVE-2023-0323 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.12, v10.5.7, v10.5.10, v10.5.9, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.5.13, v10.5.11, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6
|
Patch → v11.2.4 |
CVE-2022-39365 |
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the rendering of user-controlled Twig templates in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.7, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.5.8, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6
|
Patch → v11.2.4 |
CVE-2022-3255 |
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.4.3, v10.5.2, v10.4.4, v10.5.1, v10.5.6
|
Patch → v11.2.4 |
CVE-2022-3211 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.4, v10.5.5, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.4.3, v10.5.2, v10.4.4, v10.5.1
|
Patch → v11.2.4 |
CVE-2022-31092 |
Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results by one or more columns, which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there is a theoretical possibility of injecting custom SQL if the developer uses these methods with input data without validating it in advance and instead relies on the auto-quoting done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.4.2, v10.4.1, v10.4.0, v10.4.3
|
Patch → v11.2.4 |
CVE-2022-2796 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4, v10.5.3, v10.4.2, v10.4.1, v10.5.0, v10.4.6, v10.4.5, v10.4.0, v10.4.3, v10.5.2, v10.4.4, v10.5.1
|
Patch → v11.2.4 |
CVE-2022-1429 |
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability can be used to steal data. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.5, v10.3.3, v10.2.10, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-1351 |
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-1339 |
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.3, v10.2.10, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-1219 |
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.3, v10.2.10, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0911 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0894 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0893 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0832 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0831 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0705 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0704 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.2, v10.3.0, v10.3.1, v10.3.6, v10.3.5, v10.3.3, v10.2.10, v10.3.7, v10.3.4
|
Patch → v11.2.4 |
CVE-2022-0665 |
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.0, v10.3.1, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0565 |
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.0, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0510 |
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.0, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0509 |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9, v10.3.0, v10.2.10
|
Patch → v11.2.4 |
CVE-2022-0348 |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9
|
Patch → v11.2.4 |
CVE-2022-0285 |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2022-0263 |
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6
|
Patch → v11.2.4 |
CVE-2022-0262 |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6
|
Patch → v11.2.4 |
CVE-2022-0260 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2022-0258 |
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2022-0257 |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2022-0256 |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2022-0251 |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7, v10.2.9
|
Patch → v11.2.4 |
CVE-2021-4146 |
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6, v10.2.8, v10.2.7
|
Patch → v11.2.4 |
CVE-2021-4139 |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0, v10.2.6
|
Patch → v11.2.4 |
CVE-2021-4084 |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-4082 |
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-4081 |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.2.4, v10.2.5, v10.2.2, v10.2.1, v10.1.2, v10.2.0, v10.1.5, v10.1.1, v10.1.4, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.2.3, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v10.1.3, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-39189 |
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.1.2, v10.1.1, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-39170 |
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-39166 |
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text values were not properly escaped before being printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-37702 |
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.0.6, v10.0.5, v10.1.0, v10.0.9, v10.0.4, 10.0.8, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.0.1, v6.9.5, v10.0.7, v6.8.11, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-23405 |
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6, v10.0.6, v10.0.5, v10.0.4, v10.0.3, v10.0.2, v10.0.0, v10.0.0-BETA4, v10.0.0-BETA3, v10.0.0-BETA2, v10.0.0-BETA1, v6.9.4, v6.9.3, v6.9.2, v6.9.1, v6.8.12, v6.8.10, v6.8.9, v6.8.8, v6.9.6, v10.0.1, v6.9.5, v6.8.11, v6.9.0
|
Patch → v11.2.4 |
CVE-2021-23340 |
This affects the package pimcore/pimcore before 6.8.8. A Local File Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=[filename]. Since the exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.7, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.6, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.8.5, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6
|
Patch → v11.2.4 |
CVE-2020-7759 |
The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in the data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}] |
v6.8.2,
v6.8.1,
v6.7.2,
v6.8.0,
v6.7.3
|
Major → v11.2.4 |
CVE-2020-26246 |
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1, v6.8.4, v6.8.3, v6.8.2, v6.8.1, v6.7.2, v6.7.1, v6.7.0, v6.6.11, v6.6.10, v6.6.9, v6.6.5, v6.6.4, v6.6.1, v6.6.0, v6.5.3, v6.5.1, v6.4.1, v6.5.0, v6.4.0, v6.3.6, v6.3.3, v6.3.2, v6.3.1, v6.8.0, v6.7.3, v6.6.8, v6.6.7, v6.6.3, v6.6.2, v6.5.2, v6.4.2, v6.3.4, v6.3.0, v6.3.5, v6.6.6
|
Patch → v11.2.4 |
CVE-2019-18986 |
Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1
|
Patch → v11.2.4 |
CVE-2019-18985 |
Pimcore before 6.2.2 lacks brute force protection for the 2FA token. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1
|
Patch → v11.2.4 |
CVE-2019-18982 |
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1
|
Patch → v11.2.4 |
CVE-2019-18981 |
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1
|
Patch → v11.2.4 |
CVE-2019-18656 |
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements. |
v6.2.3,
v6.3.3,
v6.3.2,
v6.3.1,
v6.3.4,
v6.3.0
|
Major → v11.2.4 |
CVE-2019-16318 |
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |
CVE-2019-16317 |
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |
CVE-2019-10867 |
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |
CVE-2019-10763 |
pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead to data leakage. The vulnerability can be exploited via the 'id', 'storeId', 'pageSize' and 'tables' parameters, using a payload to trigger a time-based or error-based SQL injection. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v6.2.3, v6.2.2, v6.2.0, v6.1.2, v6.1.1, v6.0.5, v6.0.3, v6.0.2, v6.0.4, v6.0.0, v5.8.9, v5.8.8, v5.8.7, v5.8.5, v5.8.4, v5.8.2, v5.8.1, v5.7.3, v5.7.2, v5.7.1, v5.6.6, v5.6.4, v5.6.2, v5.5.3, v5.5.2, v5.5.0, v5.4.4, v5.2.2, v5.4.2, v5.4.1, v5.4.0, v5.3.0, v5.8.6, v5.8.3, v5.8.0, v5.7.0, v5.6.5, v5.6.3, v5.6.1, v5.6.0, v5.5.4, v5.2.3, v5.2.1, v5.2.0, v5.5.1, v5.4.3, v5.3.1, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1, v6.2.1, v6.1.0, v6.0.1
|
Patch → v11.2.4 |
CVE-2018-14059 |
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.2.2, v5.2.3, v5.2.1, v5.2.0, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |
CVE-2018-14058 |
Pimcore before 5.3.0 allows SQL Injection via the REST web service API. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.2.2, v5.2.3, v5.2.1, v5.2.0, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |
CVE-2018-14057 |
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. |
dev-phpstan-september,
dev-cs-fixer-check,
dev-custom-reports-improvements,
dev-fix-asset-rename,
dev-update-license,
dev-vulnerabilities_ignore_list,
dev-2753-fix-filter-type,
dev-element-dto
, dev-fix-metadata-unique-constraint, dev-14463-task-ecom-framework-js-and-css-updates, dev-creteproject-cache-clear, dev-csfixer-pimcore-only-1, dev-poc_capture_node, dev-twig-block-poc, 2.2.0, dev-translation-fallback, dev-stale_config_update, v5.2.2, v5.2.3, v5.2.1, v5.2.0, v5.1.3, v5.0.4, v5.1.0-alpha, v5.0.3, v5.0.1, v5.0.0-RC, 4.6.5, 4.6.4, 4.6.2, 4.6.0, 4.5.0, 4.4.3, 4.4.0, 4.3.1, 4.3.0, 4.1.2, 4.1.1, 4.1.0, 4.0.0, 3.1.0, 3.0.6, 3.0.5, 3.0.2, 3.0.1, 3.0.0, 2.3.0, 2.2.2, v5.1.2, v5.1.1, v5.1.0, v5.0.2, v5.0.0, 4.6.3, 4.6.1, 4.4.2, 4.4.1, 4.2.0, 4.1.3, 4.0.1, 3.1.1, 3.0.4, 3.0.3, 2.2.1
|
Patch → v11.2.4 |