U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:pimcore:pimcore:3.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 106 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2022-1429

SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data

Published: April 22, 2022; 5:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-1351

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.

Published: April 14, 2022; 6:15:07 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-1339

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data

Published: April 13, 2022; 6:15:07 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-1219

SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data

Published: April 08, 2022; 5:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-0705

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: March 16, 2022; 7:15:07 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0704

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: March 16, 2022; 6:15:08 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0911

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: March 16, 2022; 5:15:07 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0894

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: March 15, 2022; 7:15:09 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0893

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Published: March 15, 2022; 7:15:08 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0832

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Published: March 04, 2022; 9:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0831

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Published: March 04, 2022; 9:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0665

Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.

Published: February 22, 2022; 10:15:07 AM -0500 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2022-0565

Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.

Published: February 14, 2022; 7:15:21 AM -0500 		V4.0:(not available)
 V3.1: 6.4 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-0510

Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.

Published: February 08, 2022; 10:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0509

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.

Published: February 08, 2022; 7:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0348

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.

Published: January 27, 2022; 9:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0251

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.

Published: January 26, 2022; 6:15:08 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0285

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.

Published: January 20, 2022; 10:15:07 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-0263

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

Published: January 18, 2022; 11:15:08 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0262

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.

Published: January 18, 2022; 11:15:08 AM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM