pimcore — Vulnerabilities & Security Advisories 133

Browse all 133 CVE security advisories affecting pimcore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-42817 | Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations | admin-ui-classic-bundle | CWE-79 | 5.4 | Medium | 2023-09-25 |
| CVE-2023-4453 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-08-21 |
| CVE-2023-38708 | Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction | pimcore | CWE-22 | 6.3 | Medium | 2023-08-04 |
| CVE-2023-4145 | Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-79 | 5.4 | - | 2023-08-03 |
| CVE-2023-3822 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-07-21 |
| CVE-2023-3821 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-07-21 |
| CVE-2023-3820 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 6.5 | - | 2023-07-21 |
| CVE-2023-3819 | Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore | pimcore/pimcore | CWE-200 | 7.5 | - | 2023-07-21 |
| CVE-2023-3673 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 6.5 | - | 2023-07-14 |
| CVE-2023-37280 | Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page | admin-ui-classic-bundle | CWE-79 | 5.0 | Medium | 2023-07-11 |
| CVE-2023-3574 | Improper Authorization in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-285 | 7.1 | - | 2023-07-10 |
| CVE-2023-2984 | Path Traversal: '\..\filename' in pimcore/pimcore | pimcore/pimcore | CWE-29 | 8.1 | - | 2023-05-30 |
| CVE-2023-2983 | Privilege Defined With Unsafe Actions in pimcore/pimcore | pimcore/pimcore | CWE-267 | 8.8 | - | 2023-05-30 |
| CVE-2023-2881 | Storing Passwords in a Recoverable Format in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-257 | 6.5 | - | 2023-05-25 |
| CVE-2023-2756 | SQL Injection in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-89 | 8.8 | - | 2023-05-17 |
| CVE-2023-2730 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-16 |
| CVE-2023-32075 | Pimcore vulnerable to Business Logic Errors in Customer automation rules | customer-data-framework | CWE-20 | 4.3 | Medium | 2023-05-11 |
| CVE-2023-2614 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2615 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2616 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2630 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-05-10 |
| CVE-2023-2629 | Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework | pimcore/customer-data-framework | CWE-1236 | 8.0 | - | 2023-05-10 |
| CVE-2023-30855 | Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php | pimcore | CWE-22 | 6.5 | Medium | 2023-05-08 |
| CVE-2023-2361 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-28 |
| CVE-2023-30852 | Pimcore Arbitrary File Read in Admin JS CSS files | pimcore | CWE-22 | 4.4 | Medium | 2023-04-27 |
| CVE-2023-30850 | Pimcore SQL Injection Vulnerability in Admin Translations API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30849 | Pimcore vulnerable to SQL Injection in Translation Export API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-30848 | Pimcore SQL Injection Vulnerability in Admin Search Find API | pimcore | CWE-89 | 8.8 | High | 2023-04-27 |
| CVE-2023-2338 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 8.8 | - | 2023-04-27 |
| CVE-2023-2343 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |

This page lists every published CVE security advisory associated with pimcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.