Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/pimcore/pimcore@5.6.1
Typecomposer
Namespacepimcore
Namepimcore
Version5.6.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.3.4
Latest_non_vulnerable_version12.3.7
Affected_by_vulnerabilities
0
url VCID-13m1-u59p-eue5
vulnerability_id VCID-13m1-u59p-eue5
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1517
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03578
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1517
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/
url https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7
3
reference_url https://github.com/pimcore/pimcore/pull/14631
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14631
4
reference_url https://github.com/pimcore/pimcore/pull/14631.patch
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14631.patch
5
reference_url https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/
url https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d
6
reference_url https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/
reference_id
reference_type
scores
url https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1517
reference_id CVE-2023-1517
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1517
8
reference_url https://github.com/advisories/GHSA-42x8-2v53-pqmj
reference_id GHSA-42x8-2v53-pqmj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42x8-2v53-pqmj
9
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj
reference_id GHSA-42x8-2v53-pqmj
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-1517, GHSA-42x8-2v53-pqmj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-13m1-u59p-eue5
1
url VCID-1hqj-r197-dyfe
vulnerability_id VCID-1hqj-r197-dyfe
summary Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2983
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00992
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2983
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/
url https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5
4
reference_url https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/
url https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2983
reference_id CVE-2023-2983
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2983
6
reference_url https://github.com/advisories/GHSA-m4mv-rmr7-h5f5
reference_id GHSA-m4mv-rmr7-h5f5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4mv-rmr7-h5f5
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.23
purl pkg:composer/pimcore/pimcore@10.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-hed9-c39j-87g2
8
vulnerability VCID-mcrd-q5wz-d7dk
9
vulnerability VCID-q7xb-xff7-77cf
10
vulnerability VCID-uaf3-v6zj-uuc3
11
vulnerability VCID-wzbf-bazj-4kgy
12
vulnerability VCID-xfwh-3838-j7ct
13
vulnerability VCID-xgwg-8q8s-cbfk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.23
aliases CVE-2023-2983, GHSA-m4mv-rmr7-h5f5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hqj-r197-dyfe
2
url VCID-1r65-1mjp-23gr
vulnerability_id VCID-1r65-1mjp-23gr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored XSS in Packagist pimcore/pimcore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0285
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.1452
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0285
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835
3
reference_url https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0285
reference_id CVE-2022-0285
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0285
5
reference_url https://github.com/advisories/GHSA-pm3v-qxf6-fgxv
reference_id GHSA-pm3v-qxf6-fgxv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pm3v-qxf6-fgxv
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2022-0285, GHSA-pm3v-qxf6-fgxv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1r65-1mjp-23gr
3
url VCID-1w28-9z15-4qck
vulnerability_id VCID-1w28-9z15-4qck
summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4084
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07649
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4084
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
3
reference_url https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4084
reference_id CVE-2021-4084
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4084
5
reference_url https://github.com/advisories/GHSA-8w3x-r6x7-c5r5
reference_id GHSA-8w3x-r6x7-c5r5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w3x-r6x7-c5r5
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.6
purl pkg:composer/pimcore/pimcore@10.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fpuf-6uyn-hydv
42
vulnerability VCID-fvku-th2k-93d8
43
vulnerability VCID-gda3-s5cp-w7d4
44
vulnerability VCID-ggje-p3cm-fyhe
45
vulnerability VCID-gs48-295u-mqdt
46
vulnerability VCID-gs7u-m432-yqaw
47
vulnerability VCID-hed9-c39j-87g2
48
vulnerability VCID-hn1d-5fbq-cyc7
49
vulnerability VCID-hvgj-5hjn-cbhb
50
vulnerability VCID-j5pq-ekja-jffv
51
vulnerability VCID-j9qv-7wsq-mkf6
52
vulnerability VCID-jgxx-v2wj-zkfh
53
vulnerability VCID-jx3r-bxmm-hfaw
54
vulnerability VCID-jxr2-qjbz-17ha
55
vulnerability VCID-m756-fmwt-dfbf
56
vulnerability VCID-m9aa-5k15-dfap
57
vulnerability VCID-mapb-drtt-rbez
58
vulnerability VCID-mcrd-q5wz-d7dk
59
vulnerability VCID-mhz5-dnv5-6uas
60
vulnerability VCID-mwu6-2hxd-efc2
61
vulnerability VCID-n6h3-gsty-sua2
62
vulnerability VCID-p7w5-8ynh-xuh4
63
vulnerability VCID-paqt-sa9x-2qcm
64
vulnerability VCID-pnn8-zfvf-wqcf
65
vulnerability VCID-q7xb-xff7-77cf
66
vulnerability VCID-qbz4-eznm-e3hw
67
vulnerability VCID-qn3n-hpd2-7baf
68
vulnerability VCID-qv8v-b5t4-jqb9
69
vulnerability VCID-sbqb-c913-rqhb
70
vulnerability VCID-smn4-dvb2-u7hb
71
vulnerability VCID-t6ek-fzh4-mbdu
72
vulnerability VCID-tkcj-gar9-dbbh
73
vulnerability VCID-uaf3-v6zj-uuc3
74
vulnerability VCID-ud81-gjp6-s3ac
75
vulnerability VCID-ur7d-jx1z-kbet
76
vulnerability VCID-uxdh-6r6k-h7fr
77
vulnerability VCID-v6d4-h4sz-4yad
78
vulnerability VCID-v9ts-sd7r-gff2
79
vulnerability VCID-wdud-ckq4-wqfa
80
vulnerability VCID-wzbf-bazj-4kgy
81
vulnerability VCID-x7pr-fcen-r7d5
82
vulnerability VCID-xa87-8qgt-t7az
83
vulnerability VCID-xfwh-3838-j7ct
84
vulnerability VCID-xgwg-8q8s-cbfk
85
vulnerability VCID-y92e-mb7u-sueg
86
vulnerability VCID-yah4-88g3-37ak
87
vulnerability VCID-ycet-r6tz-yyhn
88
vulnerability VCID-zbp5-8ec3-gfe4
89
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6
aliases CVE-2021-4084, GHSA-8w3x-r6x7-c5r5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w28-9z15-4qck
4
url VCID-295b-zzh8-q3h3
vulnerability_id VCID-295b-zzh8-q3h3
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0705
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01143
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0705
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
3
reference_url https://github.com/pimcore/pimcore/pull/11447
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11447
4
reference_url https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0705
reference_id CVE-2022-0705
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0705
6
reference_url https://github.com/advisories/GHSA-xmq3-hgjx-6997
reference_id GHSA-xmq3-hgjx-6997
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmq3-hgjx-6997
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
1
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-0705, GHSA-xmq3-hgjx-6997
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-295b-zzh8-q3h3
5
url VCID-2jc7-hjcd-3qfb
vulnerability_id VCID-2jc7-hjcd-3qfb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0893
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04304
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0893
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
3
reference_url https://github.com/pimcore/pimcore/pull/11447
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11447
4
reference_url https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0893
reference_id CVE-2022-0893
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0893
6
reference_url https://github.com/advisories/GHSA-g795-4hxx-qqwm
reference_id GHSA-g795-4hxx-qqwm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g795-4hxx-qqwm
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
1
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-0893, GHSA-g795-4hxx-qqwm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc7-hjcd-3qfb
6
url VCID-2u9x-hqp2-77g6
vulnerability_id VCID-2u9x-hqp2-77g6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A stored Cross-site Scripting (XSS) vulnerability was found in pimcore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0251
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02854
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0251
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb
3
reference_url https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0251
reference_id CVE-2022-0251
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0251
5
reference_url https://github.com/advisories/GHSA-f7q6-xxph-mfm8
reference_id GHSA-f7q6-xxph-mfm8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7q6-xxph-mfm8
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.0
purl pkg:composer/pimcore/pimcore@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-354d-zv99-73g6
7
vulnerability VCID-3et6-gmgj-h7bn
8
vulnerability VCID-3ref-crmy-eucd
9
vulnerability VCID-3xpj-x3xh-7ub9
10
vulnerability VCID-4dk6-cfer-t7b5
11
vulnerability VCID-4p8y-eknc-zfgn
12
vulnerability VCID-5qj5-vh6d-7khq
13
vulnerability VCID-5tz5-h4wq-3qfy
14
vulnerability VCID-68hd-e927-4kcu
15
vulnerability VCID-6w41-7cfk-j7cn
16
vulnerability VCID-7w3s-bvdz-bfht
17
vulnerability VCID-81mh-qb4b-n7a8
18
vulnerability VCID-84sb-282p-abb6
19
vulnerability VCID-8t1x-kdp9-jkag
20
vulnerability VCID-93rb-sj45-w3fh
21
vulnerability VCID-979q-g8dh-1fgw
22
vulnerability VCID-97te-6pwk-bbb4
23
vulnerability VCID-9m1k-bypd-zber
24
vulnerability VCID-9ra4-dac9-7qba
25
vulnerability VCID-a9e8-ky44-s3gc
26
vulnerability VCID-bb65-xxsn-m3gv
27
vulnerability VCID-bz3s-p33z-kqf2
28
vulnerability VCID-c2j7-ywhr-3ff3
29
vulnerability VCID-c5af-wpgt-dkep
30
vulnerability VCID-cbx2-f95n-kqgd
31
vulnerability VCID-cgzf-jppn-q7ff
32
vulnerability VCID-d7zd-p4g6-ryd1
33
vulnerability VCID-de3u-8wqt-uyc2
34
vulnerability VCID-dhdb-wakw-pufe
35
vulnerability VCID-drty-cbue-3kcv
36
vulnerability VCID-e11t-ywn5-v7gp
37
vulnerability VCID-f4vw-12f3-wfgb
38
vulnerability VCID-f5cg-bkw2-hqct
39
vulnerability VCID-f7yk-9pys-t7dr
40
vulnerability VCID-fhsn-akes-rqey
41
vulnerability VCID-fnz2-pbtj-43ak
42
vulnerability VCID-fpuf-6uyn-hydv
43
vulnerability VCID-fvku-th2k-93d8
44
vulnerability VCID-gda3-s5cp-w7d4
45
vulnerability VCID-ggje-p3cm-fyhe
46
vulnerability VCID-gs48-295u-mqdt
47
vulnerability VCID-gs7u-m432-yqaw
48
vulnerability VCID-hed9-c39j-87g2
49
vulnerability VCID-hn1d-5fbq-cyc7
50
vulnerability VCID-hvgj-5hjn-cbhb
51
vulnerability VCID-j5pq-ekja-jffv
52
vulnerability VCID-j9qv-7wsq-mkf6
53
vulnerability VCID-jgxx-v2wj-zkfh
54
vulnerability VCID-jx3r-bxmm-hfaw
55
vulnerability VCID-jxr2-qjbz-17ha
56
vulnerability VCID-m756-fmwt-dfbf
57
vulnerability VCID-m9aa-5k15-dfap
58
vulnerability VCID-mapb-drtt-rbez
59
vulnerability VCID-mcrd-q5wz-d7dk
60
vulnerability VCID-mhz5-dnv5-6uas
61
vulnerability VCID-mwu6-2hxd-efc2
62
vulnerability VCID-n6h3-gsty-sua2
63
vulnerability VCID-p7w5-8ynh-xuh4
64
vulnerability VCID-paqt-sa9x-2qcm
65
vulnerability VCID-pnn8-zfvf-wqcf
66
vulnerability VCID-q7xb-xff7-77cf
67
vulnerability VCID-qbz4-eznm-e3hw
68
vulnerability VCID-qn3n-hpd2-7baf
69
vulnerability VCID-qv8v-b5t4-jqb9
70
vulnerability VCID-sbqb-c913-rqhb
71
vulnerability VCID-smn4-dvb2-u7hb
72
vulnerability VCID-t6ek-fzh4-mbdu
73
vulnerability VCID-tkcj-gar9-dbbh
74
vulnerability VCID-trf7-n9zr-bubx
75
vulnerability VCID-uaf3-v6zj-uuc3
76
vulnerability VCID-ud81-gjp6-s3ac
77
vulnerability VCID-ur7d-jx1z-kbet
78
vulnerability VCID-uukc-b952-zbgk
79
vulnerability VCID-uxdh-6r6k-h7fr
80
vulnerability VCID-v6d4-h4sz-4yad
81
vulnerability VCID-v9ts-sd7r-gff2
82
vulnerability VCID-w7q9-zspa-pfb7
83
vulnerability VCID-wdud-ckq4-wqfa
84
vulnerability VCID-wzbf-bazj-4kgy
85
vulnerability VCID-x7pr-fcen-r7d5
86
vulnerability VCID-xa87-8qgt-t7az
87
vulnerability VCID-xfwh-3838-j7ct
88
vulnerability VCID-xgwg-8q8s-cbfk
89
vulnerability VCID-y92e-mb7u-sueg
90
vulnerability VCID-yah4-88g3-37ak
91
vulnerability VCID-ycet-r6tz-yyhn
92
vulnerability VCID-zbp5-8ec3-gfe4
93
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0
1
url pkg:composer/pimcore/pimcore@10.2.10
purl pkg:composer/pimcore/pimcore@10.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-q7xb-xff7-77cf
60
vulnerability VCID-qbz4-eznm-e3hw
61
vulnerability VCID-qn3n-hpd2-7baf
62
vulnerability VCID-qv8v-b5t4-jqb9
63
vulnerability VCID-sbqb-c913-rqhb
64
vulnerability VCID-t6ek-fzh4-mbdu
65
vulnerability VCID-tkcj-gar9-dbbh
66
vulnerability VCID-uaf3-v6zj-uuc3
67
vulnerability VCID-ud81-gjp6-s3ac
68
vulnerability VCID-ur7d-jx1z-kbet
69
vulnerability VCID-uxdh-6r6k-h7fr
70
vulnerability VCID-v6d4-h4sz-4yad
71
vulnerability VCID-v9ts-sd7r-gff2
72
vulnerability VCID-wdud-ckq4-wqfa
73
vulnerability VCID-wzbf-bazj-4kgy
74
vulnerability VCID-xa87-8qgt-t7az
75
vulnerability VCID-xfwh-3838-j7ct
76
vulnerability VCID-xgwg-8q8s-cbfk
77
vulnerability VCID-y92e-mb7u-sueg
78
vulnerability VCID-yah4-88g3-37ak
79
vulnerability VCID-ycet-r6tz-yyhn
80
vulnerability VCID-zbp5-8ec3-gfe4
81
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10
aliases CVE-2022-0251, GHSA-f7q6-xxph-mfm8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u9x-hqp2-77g6
7
url VCID-354d-zv99-73g6
vulnerability_id VCID-354d-zv99-73g6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1312
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10843
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1312
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/
url https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb
3
reference_url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/
url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1312
reference_id CVE-2023-1312
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1312
5
reference_url https://github.com/advisories/GHSA-gh4g-65f6-84g5
reference_id GHSA-gh4g-65f6-84g5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gh4g-65f6-84g5
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1312, GHSA-gh4g-65f6-84g5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-354d-zv99-73g6
8
url VCID-3et6-gmgj-h7bn
vulnerability_id VCID-3et6-gmgj-h7bn
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2327
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04721
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2327
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/
url https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f
3
reference_url https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/
url https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2327
reference_id CVE-2023-2327
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2327
5
reference_url https://github.com/advisories/GHSA-x9xj-pqmv-8jf7
reference_id GHSA-x9xj-pqmv-8jf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x9xj-pqmv-8jf7
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7
reference_id GHSA-x9xj-pqmv-8jf7
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2327, GHSA-x9xj-pqmv-8jf7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3et6-gmgj-h7bn
9
url VCID-3ref-crmy-eucd
vulnerability_id VCID-3ref-crmy-eucd
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1702
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02783
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1702
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/
url https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d
3
reference_url https://github.com/pimcore/pimcore/pull/14721.patch
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14721.patch
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w
5
reference_url https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/
url https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1702
reference_id CVE-2023-1702
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1702
7
reference_url https://github.com/advisories/GHSA-69fc-v223-6rjw
reference_id GHSA-69fc-v223-6rjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-69fc-v223-6rjw
8
reference_url https://github.com/advisories/GHSA-6qjm-39vh-729w
reference_id GHSA-6qjm-39vh-729w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qjm-39vh-729w
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.20
purl pkg:composer/pimcore/pimcore@10.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-4dk6-cfer-t7b5
3
vulnerability VCID-5qj5-vh6d-7khq
4
vulnerability VCID-5tz5-h4wq-3qfy
5
vulnerability VCID-68hd-e927-4kcu
6
vulnerability VCID-6w41-7cfk-j7cn
7
vulnerability VCID-979q-g8dh-1fgw
8
vulnerability VCID-9ra4-dac9-7qba
9
vulnerability VCID-bb65-xxsn-m3gv
10
vulnerability VCID-c2j7-ywhr-3ff3
11
vulnerability VCID-c5af-wpgt-dkep
12
vulnerability VCID-cbx2-f95n-kqgd
13
vulnerability VCID-de3u-8wqt-uyc2
14
vulnerability VCID-dhdb-wakw-pufe
15
vulnerability VCID-drty-cbue-3kcv
16
vulnerability VCID-e11t-ywn5-v7gp
17
vulnerability VCID-f4vw-12f3-wfgb
18
vulnerability VCID-f5cg-bkw2-hqct
19
vulnerability VCID-hed9-c39j-87g2
20
vulnerability VCID-jgxx-v2wj-zkfh
21
vulnerability VCID-jxr2-qjbz-17ha
22
vulnerability VCID-m9aa-5k15-dfap
23
vulnerability VCID-mapb-drtt-rbez
24
vulnerability VCID-mcrd-q5wz-d7dk
25
vulnerability VCID-mwu6-2hxd-efc2
26
vulnerability VCID-n6h3-gsty-sua2
27
vulnerability VCID-q7xb-xff7-77cf
28
vulnerability VCID-uaf3-v6zj-uuc3
29
vulnerability VCID-uxdh-6r6k-h7fr
30
vulnerability VCID-v6d4-h4sz-4yad
31
vulnerability VCID-wzbf-bazj-4kgy
32
vulnerability VCID-xfwh-3838-j7ct
33
vulnerability VCID-xgwg-8q8s-cbfk
34
vulnerability VCID-y92e-mb7u-sueg
35
vulnerability VCID-zbp5-8ec3-gfe4
36
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1702, GHSA-69fc-v223-6rjw, GHSA-6qjm-39vh-729w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ref-crmy-eucd
10
url VCID-3xpj-x3xh-7ub9
vulnerability_id VCID-3xpj-x3xh-7ub9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3211
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05906
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3211
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36
3
reference_url https://github.com/pimcore/pimcore/pull/13129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/13129
4
reference_url https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3211
reference_id CVE-2022-3211
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3211
6
reference_url https://github.com/advisories/GHSA-4849-x3jx-45qr
reference_id GHSA-4849-x3jx-45qr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4849-x3jx-45qr
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.6
purl pkg:composer/pimcore/pimcore@10.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-84sb-282p-abb6
13
vulnerability VCID-93rb-sj45-w3fh
14
vulnerability VCID-979q-g8dh-1fgw
15
vulnerability VCID-9m1k-bypd-zber
16
vulnerability VCID-9ra4-dac9-7qba
17
vulnerability VCID-bb65-xxsn-m3gv
18
vulnerability VCID-c2j7-ywhr-3ff3
19
vulnerability VCID-c5af-wpgt-dkep
20
vulnerability VCID-cbx2-f95n-kqgd
21
vulnerability VCID-cgzf-jppn-q7ff
22
vulnerability VCID-d7zd-p4g6-ryd1
23
vulnerability VCID-de3u-8wqt-uyc2
24
vulnerability VCID-dhdb-wakw-pufe
25
vulnerability VCID-drty-cbue-3kcv
26
vulnerability VCID-e11t-ywn5-v7gp
27
vulnerability VCID-f4vw-12f3-wfgb
28
vulnerability VCID-f5cg-bkw2-hqct
29
vulnerability VCID-f7yk-9pys-t7dr
30
vulnerability VCID-fvku-th2k-93d8
31
vulnerability VCID-gs48-295u-mqdt
32
vulnerability VCID-gs7u-m432-yqaw
33
vulnerability VCID-hed9-c39j-87g2
34
vulnerability VCID-j9qv-7wsq-mkf6
35
vulnerability VCID-jgxx-v2wj-zkfh
36
vulnerability VCID-jx3r-bxmm-hfaw
37
vulnerability VCID-jxr2-qjbz-17ha
38
vulnerability VCID-m9aa-5k15-dfap
39
vulnerability VCID-mapb-drtt-rbez
40
vulnerability VCID-mcrd-q5wz-d7dk
41
vulnerability VCID-mhz5-dnv5-6uas
42
vulnerability VCID-mwu6-2hxd-efc2
43
vulnerability VCID-n6h3-gsty-sua2
44
vulnerability VCID-p7w5-8ynh-xuh4
45
vulnerability VCID-q7xb-xff7-77cf
46
vulnerability VCID-qn3n-hpd2-7baf
47
vulnerability VCID-qv8v-b5t4-jqb9
48
vulnerability VCID-t6ek-fzh4-mbdu
49
vulnerability VCID-tkcj-gar9-dbbh
50
vulnerability VCID-uaf3-v6zj-uuc3
51
vulnerability VCID-ud81-gjp6-s3ac
52
vulnerability VCID-ur7d-jx1z-kbet
53
vulnerability VCID-uxdh-6r6k-h7fr
54
vulnerability VCID-v6d4-h4sz-4yad
55
vulnerability VCID-wdud-ckq4-wqfa
56
vulnerability VCID-wzbf-bazj-4kgy
57
vulnerability VCID-xfwh-3838-j7ct
58
vulnerability VCID-xgwg-8q8s-cbfk
59
vulnerability VCID-y92e-mb7u-sueg
60
vulnerability VCID-yah4-88g3-37ak
61
vulnerability VCID-ycet-r6tz-yyhn
62
vulnerability VCID-zbp5-8ec3-gfe4
63
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.6
aliases CVE-2022-3211, GHSA-4849-x3jx-45qr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3xpj-x3xh-7ub9
11
url VCID-4dk6-cfer-t7b5
vulnerability_id VCID-4dk6-cfer-t7b5
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2614
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01364
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2614
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/
url https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7
3
reference_url https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/
url https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2614
reference_id CVE-2023-2614
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2614
5
reference_url https://github.com/advisories/GHSA-m6m9-gr85-79vm
reference_id GHSA-m6m9-gr85-79vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6m9-gr85-79vm
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm
reference_id GHSA-m6m9-gr85-79vm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2614, GHSA-m6m9-gr85-79vm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dk6-cfer-t7b5
12
url VCID-4p8y-eknc-zfgn
vulnerability_id VCID-4p8y-eknc-zfgn
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1117
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00778
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1117
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/
url https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853
3
reference_url https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/
url https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1117
reference_id CVE-2023-1117
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1117
5
reference_url https://github.com/advisories/GHSA-qxcw-rf4v-hp26
reference_id GHSA-qxcw-rf4v-hp26
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxcw-rf4v-hp26
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26
reference_id GHSA-qxcw-rf4v-hp26
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.18
purl pkg:composer/pimcore/pimcore@10.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-5qj5-vh6d-7khq
7
vulnerability VCID-5tz5-h4wq-3qfy
8
vulnerability VCID-68hd-e927-4kcu
9
vulnerability VCID-6w41-7cfk-j7cn
10
vulnerability VCID-81mh-qb4b-n7a8
11
vulnerability VCID-93rb-sj45-w3fh
12
vulnerability VCID-979q-g8dh-1fgw
13
vulnerability VCID-9ra4-dac9-7qba
14
vulnerability VCID-bb65-xxsn-m3gv
15
vulnerability VCID-c2j7-ywhr-3ff3
16
vulnerability VCID-c5af-wpgt-dkep
17
vulnerability VCID-cbx2-f95n-kqgd
18
vulnerability VCID-cgzf-jppn-q7ff
19
vulnerability VCID-d7zd-p4g6-ryd1
20
vulnerability VCID-de3u-8wqt-uyc2
21
vulnerability VCID-dhdb-wakw-pufe
22
vulnerability VCID-drty-cbue-3kcv
23
vulnerability VCID-e11t-ywn5-v7gp
24
vulnerability VCID-f4vw-12f3-wfgb
25
vulnerability VCID-f5cg-bkw2-hqct
26
vulnerability VCID-f7yk-9pys-t7dr
27
vulnerability VCID-gs48-295u-mqdt
28
vulnerability VCID-hed9-c39j-87g2
29
vulnerability VCID-j9qv-7wsq-mkf6
30
vulnerability VCID-jgxx-v2wj-zkfh
31
vulnerability VCID-jxr2-qjbz-17ha
32
vulnerability VCID-m9aa-5k15-dfap
33
vulnerability VCID-mapb-drtt-rbez
34
vulnerability VCID-mcrd-q5wz-d7dk
35
vulnerability VCID-mwu6-2hxd-efc2
36
vulnerability VCID-n6h3-gsty-sua2
37
vulnerability VCID-p7w5-8ynh-xuh4
38
vulnerability VCID-q7xb-xff7-77cf
39
vulnerability VCID-qn3n-hpd2-7baf
40
vulnerability VCID-qv8v-b5t4-jqb9
41
vulnerability VCID-t6ek-fzh4-mbdu
42
vulnerability VCID-tkcj-gar9-dbbh
43
vulnerability VCID-uaf3-v6zj-uuc3
44
vulnerability VCID-uxdh-6r6k-h7fr
45
vulnerability VCID-v6d4-h4sz-4yad
46
vulnerability VCID-wdud-ckq4-wqfa
47
vulnerability VCID-wzbf-bazj-4kgy
48
vulnerability VCID-xfwh-3838-j7ct
49
vulnerability VCID-xgwg-8q8s-cbfk
50
vulnerability VCID-y92e-mb7u-sueg
51
vulnerability VCID-ycet-r6tz-yyhn
52
vulnerability VCID-zbp5-8ec3-gfe4
53
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1117, GHSA-qxcw-rf4v-hp26
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4p8y-eknc-zfgn
13
url VCID-55g4-28a9-u7dc
vulnerability_id VCID-55g4-28a9-u7dc
summary 
Cross-site Scripting
Pimcore is an open source data & experience management platform. An authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore As a workaround, users may apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39170
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08087
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39170
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/10178
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10178
3
reference_url https://github.com/pimcore/pimcore/pull/10178.patch
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10178.patch
4
reference_url https://github.com/pimcore/pimcore/pull/10206
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10206
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f
6
reference_url https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501
7
reference_url https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/
reference_id
reference_type
scores
url https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/
8
reference_url https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2
9
reference_url https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/
reference_id
reference_type
scores
url https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39170
reference_id CVE-2021-39170
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39170
11
reference_url https://github.com/advisories/GHSA-2v88-qq7x-xq5f
reference_id GHSA-2v88-qq7x-xq5f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2v88-qq7x-xq5f
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.1.2
purl pkg:composer/pimcore/pimcore@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-5qj5-vh6d-7khq
14
vulnerability VCID-5tz5-h4wq-3qfy
15
vulnerability VCID-68hd-e927-4kcu
16
vulnerability VCID-6w41-7cfk-j7cn
17
vulnerability VCID-7w3s-bvdz-bfht
18
vulnerability VCID-81mh-qb4b-n7a8
19
vulnerability VCID-84sb-282p-abb6
20
vulnerability VCID-8t1x-kdp9-jkag
21
vulnerability VCID-93rb-sj45-w3fh
22
vulnerability VCID-979q-g8dh-1fgw
23
vulnerability VCID-97te-6pwk-bbb4
24
vulnerability VCID-9m1k-bypd-zber
25
vulnerability VCID-9ra4-dac9-7qba
26
vulnerability VCID-a9e8-ky44-s3gc
27
vulnerability VCID-bb65-xxsn-m3gv
28
vulnerability VCID-bexg-r2xt-6ycy
29
vulnerability VCID-bz3s-p33z-kqf2
30
vulnerability VCID-c2j7-ywhr-3ff3
31
vulnerability VCID-c5af-wpgt-dkep
32
vulnerability VCID-cbx2-f95n-kqgd
33
vulnerability VCID-cgzf-jppn-q7ff
34
vulnerability VCID-d7zd-p4g6-ryd1
35
vulnerability VCID-de3u-8wqt-uyc2
36
vulnerability VCID-dhdb-wakw-pufe
37
vulnerability VCID-drty-cbue-3kcv
38
vulnerability VCID-e11t-ywn5-v7gp
39
vulnerability VCID-f4vw-12f3-wfgb
40
vulnerability VCID-f5cg-bkw2-hqct
41
vulnerability VCID-f7yk-9pys-t7dr
42
vulnerability VCID-fhsn-akes-rqey
43
vulnerability VCID-fnz2-pbtj-43ak
44
vulnerability VCID-fpuf-6uyn-hydv
45
vulnerability VCID-fvku-th2k-93d8
46
vulnerability VCID-gda3-s5cp-w7d4
47
vulnerability VCID-ggje-p3cm-fyhe
48
vulnerability VCID-gs48-295u-mqdt
49
vulnerability VCID-gs7u-m432-yqaw
50
vulnerability VCID-hed9-c39j-87g2
51
vulnerability VCID-hn1d-5fbq-cyc7
52
vulnerability VCID-hvgj-5hjn-cbhb
53
vulnerability VCID-j5pq-ekja-jffv
54
vulnerability VCID-j9qv-7wsq-mkf6
55
vulnerability VCID-jgxx-v2wj-zkfh
56
vulnerability VCID-jx3r-bxmm-hfaw
57
vulnerability VCID-jxr2-qjbz-17ha
58
vulnerability VCID-m756-fmwt-dfbf
59
vulnerability VCID-m9aa-5k15-dfap
60
vulnerability VCID-mapb-drtt-rbez
61
vulnerability VCID-mcrd-q5wz-d7dk
62
vulnerability VCID-mhz5-dnv5-6uas
63
vulnerability VCID-mwu6-2hxd-efc2
64
vulnerability VCID-n6h3-gsty-sua2
65
vulnerability VCID-p7w5-8ynh-xuh4
66
vulnerability VCID-paqt-sa9x-2qcm
67
vulnerability VCID-pnn8-zfvf-wqcf
68
vulnerability VCID-px53-r47y-tbds
69
vulnerability VCID-q7xb-xff7-77cf
70
vulnerability VCID-qbz4-eznm-e3hw
71
vulnerability VCID-qn3n-hpd2-7baf
72
vulnerability VCID-qv8v-b5t4-jqb9
73
vulnerability VCID-sbqb-c913-rqhb
74
vulnerability VCID-smn4-dvb2-u7hb
75
vulnerability VCID-t6ek-fzh4-mbdu
76
vulnerability VCID-tkcj-gar9-dbbh
77
vulnerability VCID-trf7-n9zr-bubx
78
vulnerability VCID-uaf3-v6zj-uuc3
79
vulnerability VCID-ud81-gjp6-s3ac
80
vulnerability VCID-ur7d-jx1z-kbet
81
vulnerability VCID-uukc-b952-zbgk
82
vulnerability VCID-uxdh-6r6k-h7fr
83
vulnerability VCID-v6d4-h4sz-4yad
84
vulnerability VCID-v9ts-sd7r-gff2
85
vulnerability VCID-w7q9-zspa-pfb7
86
vulnerability VCID-wdud-ckq4-wqfa
87
vulnerability VCID-wzbf-bazj-4kgy
88
vulnerability VCID-x7pr-fcen-r7d5
89
vulnerability VCID-xa87-8qgt-t7az
90
vulnerability VCID-xfwh-3838-j7ct
91
vulnerability VCID-xgwg-8q8s-cbfk
92
vulnerability VCID-y92e-mb7u-sueg
93
vulnerability VCID-yah4-88g3-37ak
94
vulnerability VCID-ycet-r6tz-yyhn
95
vulnerability VCID-zbp5-8ec3-gfe4
96
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2
aliases CVE-2021-39170, GHSA-2v88-qq7x-xq5f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55g4-28a9-u7dc
14
url VCID-5qj5-vh6d-7khq
vulnerability_id VCID-5qj5-vh6d-7khq
summary 
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2332
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00103
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2332
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/
url https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe
3
reference_url https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/
url https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2332
reference_id CVE-2023-2332
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2332
5
reference_url https://github.com/advisories/GHSA-r7mm-jx6h-hv7m
reference_id GHSA-r7mm-jx6h-hv7m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7mm-jx6h-hv7m
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m
reference_id GHSA-r7mm-jx6h-hv7m
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2332, GHSA-r7mm-jx6h-hv7m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qj5-vh6d-7khq
15
url VCID-5tz5-h4wq-3qfy
vulnerability_id VCID-5tz5-h4wq-3qfy
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2323
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00681
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2323
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/
url https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e
3
reference_url https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/
url https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2323
reference_id CVE-2023-2323
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2323
5
reference_url https://github.com/advisories/GHSA-cjv6-w5hf-5wr6
reference_id GHSA-cjv6-w5hf-5wr6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjv6-w5hf-5wr6
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6
reference_id GHSA-cjv6-w5hf-5wr6
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2323, GHSA-cjv6-w5hf-5wr6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tz5-h4wq-3qfy
16
url VCID-68hd-e927-4kcu
vulnerability_id VCID-68hd-e927-4kcu
summary 
Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing
The application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This violates OWASP A01:2021 Broken Access Control, as function-level authorization is absent, allowing unauthorized access to internal routing metadata. Without validation, the endpoint exposes route structures, potentially revealing application architecture, endpoints, or custom logic intended for administrative roles only.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23494
reference_id
reference_type
scores
0
value 1e-05
scoring_system epss
scoring_elements 0.00014
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23494
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/18893
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/pull/18893
3
reference_url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
4
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23494
reference_id CVE-2026-23494
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23494
6
reference_url https://github.com/advisories/GHSA-m3r2-724c-pwgf
reference_id GHSA-m3r2-724c-pwgf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m3r2-724c-pwgf
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf
reference_id GHSA-m3r2-724c-pwgf
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23494, GHSA-m3r2-724c-pwgf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68hd-e927-4kcu
17
url VCID-6ph4-dkvv-eybx
vulnerability_id VCID-6ph4-dkvv-eybx
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18985
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00664
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18985
1
reference_url https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d
2
reference_url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18985
reference_id CVE-2019-18985
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18985
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.2.2
purl pkg:composer/pimcore/pimcore@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-dr21-xtsw-f3b8
39
vulnerability VCID-drty-cbue-3kcv
40
vulnerability VCID-e11t-ywn5-v7gp
41
vulnerability VCID-f4vw-12f3-wfgb
42
vulnerability VCID-f5cg-bkw2-hqct
43
vulnerability VCID-f7yk-9pys-t7dr
44
vulnerability VCID-f92t-4uw8-67hh
45
vulnerability VCID-fhsn-akes-rqey
46
vulnerability VCID-fnz2-pbtj-43ak
47
vulnerability VCID-fpuf-6uyn-hydv
48
vulnerability VCID-fvku-th2k-93d8
49
vulnerability VCID-gda3-s5cp-w7d4
50
vulnerability VCID-ggje-p3cm-fyhe
51
vulnerability VCID-gs48-295u-mqdt
52
vulnerability VCID-gs7u-m432-yqaw
53
vulnerability VCID-hed9-c39j-87g2
54
vulnerability VCID-hn1d-5fbq-cyc7
55
vulnerability VCID-hvgj-5hjn-cbhb
56
vulnerability VCID-j5pq-ekja-jffv
57
vulnerability VCID-j9qv-7wsq-mkf6
58
vulnerability VCID-jgxx-v2wj-zkfh
59
vulnerability VCID-jx3r-bxmm-hfaw
60
vulnerability VCID-jxr2-qjbz-17ha
61
vulnerability VCID-m756-fmwt-dfbf
62
vulnerability VCID-m9aa-5k15-dfap
63
vulnerability VCID-mapb-drtt-rbez
64
vulnerability VCID-mcrd-q5wz-d7dk
65
vulnerability VCID-mhz5-dnv5-6uas
66
vulnerability VCID-mwu6-2hxd-efc2
67
vulnerability VCID-n6h3-gsty-sua2
68
vulnerability VCID-p7w5-8ynh-xuh4
69
vulnerability VCID-paqt-sa9x-2qcm
70
vulnerability VCID-pnn8-zfvf-wqcf
71
vulnerability VCID-px53-r47y-tbds
72
vulnerability VCID-q7xb-xff7-77cf
73
vulnerability VCID-qbz4-eznm-e3hw
74
vulnerability VCID-qn3n-hpd2-7baf
75
vulnerability VCID-qv8v-b5t4-jqb9
76
vulnerability VCID-r34d-uefq-skam
77
vulnerability VCID-sbqb-c913-rqhb
78
vulnerability VCID-smn4-dvb2-u7hb
79
vulnerability VCID-t6ek-fzh4-mbdu
80
vulnerability VCID-tkcj-gar9-dbbh
81
vulnerability VCID-tpk1-5fw2-pfgc
82
vulnerability VCID-trf7-n9zr-bubx
83
vulnerability VCID-tzjt-fdqe-s7ct
84
vulnerability VCID-uaf3-v6zj-uuc3
85
vulnerability VCID-ud81-gjp6-s3ac
86
vulnerability VCID-uegk-91nv-8be9
87
vulnerability VCID-ur7d-jx1z-kbet
88
vulnerability VCID-uukc-b952-zbgk
89
vulnerability VCID-uxdh-6r6k-h7fr
90
vulnerability VCID-v6d4-h4sz-4yad
91
vulnerability VCID-v9ts-sd7r-gff2
92
vulnerability VCID-w7q9-zspa-pfb7
93
vulnerability VCID-wdud-ckq4-wqfa
94
vulnerability VCID-wura-bb97-rbg7
95
vulnerability VCID-wzbf-bazj-4kgy
96
vulnerability VCID-x7pr-fcen-r7d5
97
vulnerability VCID-xa87-8qgt-t7az
98
vulnerability VCID-xfwh-3838-j7ct
99
vulnerability VCID-xgwg-8q8s-cbfk
100
vulnerability VCID-y92e-mb7u-sueg
101
vulnerability VCID-yah4-88g3-37ak
102
vulnerability VCID-ycet-r6tz-yyhn
103
vulnerability VCID-ypfe-fdqf-cfcn
104
vulnerability VCID-zbp5-8ec3-gfe4
105
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2
aliases CVE-2019-18985, GHSA-hf62-5vxh-jpwj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ph4-dkvv-eybx
18
url VCID-6w41-7cfk-j7cn
vulnerability_id VCID-6w41-7cfk-j7cn
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2616
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01364
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2616
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/
url https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091
3
reference_url https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/
url https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2616
reference_id CVE-2023-2616
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2616
5
reference_url https://github.com/advisories/GHSA-mhpj-7m7h-8p6x
reference_id GHSA-mhpj-7m7h-8p6x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhpj-7m7h-8p6x
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x
reference_id GHSA-mhpj-7m7h-8p6x
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2616, GHSA-mhpj-7m7h-8p6x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6w41-7cfk-j7cn
19
url VCID-7w3s-bvdz-bfht
vulnerability_id VCID-7w3s-bvdz-bfht
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1219
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39941
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1219
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017
3
reference_url https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1219
reference_id CVE-2022-1219
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1219
5
reference_url https://github.com/advisories/GHSA-6gm7-j668-w6h9
reference_id GHSA-6gm7-j668-w6h9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6gm7-j668-w6h9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.5
purl pkg:composer/pimcore/pimcore@10.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-bz3s-p33z-kqf2
21
vulnerability VCID-c2j7-ywhr-3ff3
22
vulnerability VCID-c5af-wpgt-dkep
23
vulnerability VCID-cbx2-f95n-kqgd
24
vulnerability VCID-cgzf-jppn-q7ff
25
vulnerability VCID-d7zd-p4g6-ryd1
26
vulnerability VCID-de3u-8wqt-uyc2
27
vulnerability VCID-dhdb-wakw-pufe
28
vulnerability VCID-drty-cbue-3kcv
29
vulnerability VCID-e11t-ywn5-v7gp
30
vulnerability VCID-f4vw-12f3-wfgb
31
vulnerability VCID-f5cg-bkw2-hqct
32
vulnerability VCID-f7yk-9pys-t7dr
33
vulnerability VCID-fvku-th2k-93d8
34
vulnerability VCID-gda3-s5cp-w7d4
35
vulnerability VCID-gs48-295u-mqdt
36
vulnerability VCID-gs7u-m432-yqaw
37
vulnerability VCID-hed9-c39j-87g2
38
vulnerability VCID-j9qv-7wsq-mkf6
39
vulnerability VCID-jgxx-v2wj-zkfh
40
vulnerability VCID-jx3r-bxmm-hfaw
41
vulnerability VCID-jxr2-qjbz-17ha
42
vulnerability VCID-m9aa-5k15-dfap
43
vulnerability VCID-mapb-drtt-rbez
44
vulnerability VCID-mcrd-q5wz-d7dk
45
vulnerability VCID-mhz5-dnv5-6uas
46
vulnerability VCID-mwu6-2hxd-efc2
47
vulnerability VCID-n6h3-gsty-sua2
48
vulnerability VCID-p7w5-8ynh-xuh4
49
vulnerability VCID-q7xb-xff7-77cf
50
vulnerability VCID-qn3n-hpd2-7baf
51
vulnerability VCID-qv8v-b5t4-jqb9
52
vulnerability VCID-t6ek-fzh4-mbdu
53
vulnerability VCID-tkcj-gar9-dbbh
54
vulnerability VCID-uaf3-v6zj-uuc3
55
vulnerability VCID-ud81-gjp6-s3ac
56
vulnerability VCID-ur7d-jx1z-kbet
57
vulnerability VCID-uxdh-6r6k-h7fr
58
vulnerability VCID-v6d4-h4sz-4yad
59
vulnerability VCID-wdud-ckq4-wqfa
60
vulnerability VCID-wzbf-bazj-4kgy
61
vulnerability VCID-xfwh-3838-j7ct
62
vulnerability VCID-xgwg-8q8s-cbfk
63
vulnerability VCID-y92e-mb7u-sueg
64
vulnerability VCID-yah4-88g3-37ak
65
vulnerability VCID-ycet-r6tz-yyhn
66
vulnerability VCID-zbp5-8ec3-gfe4
67
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5
aliases CVE-2022-1219, GHSA-6gm7-j668-w6h9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7w3s-bvdz-bfht
20
url VCID-81mh-qb4b-n7a8
vulnerability_id VCID-81mh-qb4b-n7a8
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.
references
0
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
1
reference_url https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd
2
reference_url https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1247
reference_id CVE-2023-1247
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1247
4
reference_url https://github.com/advisories/GHSA-8wg7-88cg-7p9j
reference_id GHSA-8wg7-88cg-7p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wg7-88cg-7p9j
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.0.0
purl pkg:composer/pimcore/pimcore@11.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-b518-ye2d-sbdh
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0
aliases CVE-2023-1247, GHSA-8wg7-88cg-7p9j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81mh-qb4b-n7a8
21
url VCID-84sb-282p-abb6
vulnerability_id VCID-84sb-282p-abb6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39365
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42599
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39365
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372
3
reference_url https://github.com/pimcore/pimcore/pull/13347
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/13347
4
reference_url https://github.com/pimcore/pimcore/pull/13347.patch
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/13347.patch
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-39365
reference_id CVE-2022-39365
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-39365
6
reference_url https://github.com/advisories/GHSA-5qxq-vgmm-q39m
reference_id GHSA-5qxq-vgmm-q39m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5qxq-vgmm-q39m
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m
reference_id GHSA-5qxq-vgmm-q39m
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.9
purl pkg:composer/pimcore/pimcore@10.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-93rb-sj45-w3fh
13
vulnerability VCID-979q-g8dh-1fgw
14
vulnerability VCID-9m1k-bypd-zber
15
vulnerability VCID-9ra4-dac9-7qba
16
vulnerability VCID-bb65-xxsn-m3gv
17
vulnerability VCID-c2j7-ywhr-3ff3
18
vulnerability VCID-c5af-wpgt-dkep
19
vulnerability VCID-cbx2-f95n-kqgd
20
vulnerability VCID-cgzf-jppn-q7ff
21
vulnerability VCID-d7zd-p4g6-ryd1
22
vulnerability VCID-de3u-8wqt-uyc2
23
vulnerability VCID-dhdb-wakw-pufe
24
vulnerability VCID-drty-cbue-3kcv
25
vulnerability VCID-e11t-ywn5-v7gp
26
vulnerability VCID-f4vw-12f3-wfgb
27
vulnerability VCID-f5cg-bkw2-hqct
28
vulnerability VCID-f7yk-9pys-t7dr
29
vulnerability VCID-fvku-th2k-93d8
30
vulnerability VCID-gs48-295u-mqdt
31
vulnerability VCID-gs7u-m432-yqaw
32
vulnerability VCID-hed9-c39j-87g2
33
vulnerability VCID-j9qv-7wsq-mkf6
34
vulnerability VCID-jgxx-v2wj-zkfh
35
vulnerability VCID-jx3r-bxmm-hfaw
36
vulnerability VCID-jxr2-qjbz-17ha
37
vulnerability VCID-m9aa-5k15-dfap
38
vulnerability VCID-mapb-drtt-rbez
39
vulnerability VCID-mcrd-q5wz-d7dk
40
vulnerability VCID-mwu6-2hxd-efc2
41
vulnerability VCID-n6h3-gsty-sua2
42
vulnerability VCID-p7w5-8ynh-xuh4
43
vulnerability VCID-q7xb-xff7-77cf
44
vulnerability VCID-qn3n-hpd2-7baf
45
vulnerability VCID-qv8v-b5t4-jqb9
46
vulnerability VCID-t6ek-fzh4-mbdu
47
vulnerability VCID-tkcj-gar9-dbbh
48
vulnerability VCID-uaf3-v6zj-uuc3
49
vulnerability VCID-ud81-gjp6-s3ac
50
vulnerability VCID-ur7d-jx1z-kbet
51
vulnerability VCID-uxdh-6r6k-h7fr
52
vulnerability VCID-v6d4-h4sz-4yad
53
vulnerability VCID-wdud-ckq4-wqfa
54
vulnerability VCID-wzbf-bazj-4kgy
55
vulnerability VCID-xfwh-3838-j7ct
56
vulnerability VCID-xgwg-8q8s-cbfk
57
vulnerability VCID-y92e-mb7u-sueg
58
vulnerability VCID-yah4-88g3-37ak
59
vulnerability VCID-ycet-r6tz-yyhn
60
vulnerability VCID-zbp5-8ec3-gfe4
61
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.9
aliases CVE-2022-39365, GHSA-5qxq-vgmm-q39m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84sb-282p-abb6
22
url VCID-8t1x-kdp9-jkag
vulnerability_id VCID-8t1x-kdp9-jkag
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2796
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41783
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2796
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d
3
reference_url https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2796
reference_id CVE-2022-2796
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2796
5
reference_url https://github.com/advisories/GHSA-pr4f-4pcx-2r3h
reference_id GHSA-pr4f-4pcx-2r3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr4f-4pcx-2r3h
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.4
purl pkg:composer/pimcore/pimcore@10.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-93rb-sj45-w3fh
15
vulnerability VCID-979q-g8dh-1fgw
16
vulnerability VCID-9m1k-bypd-zber
17
vulnerability VCID-9ra4-dac9-7qba
18
vulnerability VCID-bb65-xxsn-m3gv
19
vulnerability VCID-c2j7-ywhr-3ff3
20
vulnerability VCID-c5af-wpgt-dkep
21
vulnerability VCID-cbx2-f95n-kqgd
22
vulnerability VCID-cgzf-jppn-q7ff
23
vulnerability VCID-d7zd-p4g6-ryd1
24
vulnerability VCID-de3u-8wqt-uyc2
25
vulnerability VCID-dhdb-wakw-pufe
26
vulnerability VCID-drty-cbue-3kcv
27
vulnerability VCID-e11t-ywn5-v7gp
28
vulnerability VCID-f4vw-12f3-wfgb
29
vulnerability VCID-f5cg-bkw2-hqct
30
vulnerability VCID-f7yk-9pys-t7dr
31
vulnerability VCID-fvku-th2k-93d8
32
vulnerability VCID-gs48-295u-mqdt
33
vulnerability VCID-gs7u-m432-yqaw
34
vulnerability VCID-hed9-c39j-87g2
35
vulnerability VCID-j9qv-7wsq-mkf6
36
vulnerability VCID-jgxx-v2wj-zkfh
37
vulnerability VCID-jx3r-bxmm-hfaw
38
vulnerability VCID-jxr2-qjbz-17ha
39
vulnerability VCID-m9aa-5k15-dfap
40
vulnerability VCID-mapb-drtt-rbez
41
vulnerability VCID-mcrd-q5wz-d7dk
42
vulnerability VCID-mhz5-dnv5-6uas
43
vulnerability VCID-mwu6-2hxd-efc2
44
vulnerability VCID-n6h3-gsty-sua2
45
vulnerability VCID-p7w5-8ynh-xuh4
46
vulnerability VCID-q7xb-xff7-77cf
47
vulnerability VCID-qn3n-hpd2-7baf
48
vulnerability VCID-qv8v-b5t4-jqb9
49
vulnerability VCID-t6ek-fzh4-mbdu
50
vulnerability VCID-tkcj-gar9-dbbh
51
vulnerability VCID-uaf3-v6zj-uuc3
52
vulnerability VCID-ud81-gjp6-s3ac
53
vulnerability VCID-ur7d-jx1z-kbet
54
vulnerability VCID-uxdh-6r6k-h7fr
55
vulnerability VCID-v6d4-h4sz-4yad
56
vulnerability VCID-wdud-ckq4-wqfa
57
vulnerability VCID-wzbf-bazj-4kgy
58
vulnerability VCID-xfwh-3838-j7ct
59
vulnerability VCID-xgwg-8q8s-cbfk
60
vulnerability VCID-y92e-mb7u-sueg
61
vulnerability VCID-yah4-88g3-37ak
62
vulnerability VCID-ycet-r6tz-yyhn
63
vulnerability VCID-zbp5-8ec3-gfe4
64
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.4
aliases CVE-2022-2796, GHSA-pr4f-4pcx-2r3h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t1x-kdp9-jkag
23
url VCID-93rb-sj45-w3fh
vulnerability_id VCID-93rb-sj45-w3fh
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1429
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04721
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1429
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/
url https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5
3
reference_url https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/
url https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1429
reference_id CVE-2023-1429
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1429
5
reference_url https://github.com/advisories/GHSA-3223-w774-99fq
reference_id GHSA-3223-w774-99fq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3223-w774-99fq
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq
reference_id GHSA-3223-w774-99fq
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-1429, GHSA-3223-w774-99fq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93rb-sj45-w3fh
24
url VCID-979q-g8dh-1fgw
vulnerability_id VCID-979q-g8dh-1fgw
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2336
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01596
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2336
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/
url https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4
3
reference_url https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/
url https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2336
reference_id CVE-2023-2336
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2336
5
reference_url https://github.com/advisories/GHSA-hg77-vx9v-f49x
reference_id GHSA-hg77-vx9v-f49x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hg77-vx9v-f49x
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x
reference_id GHSA-hg77-vx9v-f49x
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2336, GHSA-hg77-vx9v-f49x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-979q-g8dh-1fgw
25
url VCID-97te-6pwk-bbb4
vulnerability_id VCID-97te-6pwk-bbb4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0510
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12731
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0510
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce
3
reference_url https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0510
reference_id CVE-2022-0510
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0510
5
reference_url https://github.com/advisories/GHSA-mxh3-2699-98g9
reference_id GHSA-mxh3-2699-98g9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxh3-2699-98g9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
aliases CVE-2022-0510, GHSA-mxh3-2699-98g9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97te-6pwk-bbb4
26
url VCID-9m1k-bypd-zber
vulnerability_id VCID-9m1k-bypd-zber
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1116
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00681
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1116
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/
url https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e
3
reference_url https://github.com/pimcore/pimcore/pull/14467.patch
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14467.patch
4
reference_url https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/
url https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1116
reference_id CVE-2023-1116
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1116
6
reference_url https://github.com/advisories/GHSA-96hp-38wx-j3wc
reference_id GHSA-96hp-38wx-j3wc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-96hp-38wx-j3wc
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc
reference_id GHSA-96hp-38wx-j3wc
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.18
purl pkg:composer/pimcore/pimcore@10.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-5qj5-vh6d-7khq
7
vulnerability VCID-5tz5-h4wq-3qfy
8
vulnerability VCID-68hd-e927-4kcu
9
vulnerability VCID-6w41-7cfk-j7cn
10
vulnerability VCID-81mh-qb4b-n7a8
11
vulnerability VCID-93rb-sj45-w3fh
12
vulnerability VCID-979q-g8dh-1fgw
13
vulnerability VCID-9ra4-dac9-7qba
14
vulnerability VCID-bb65-xxsn-m3gv
15
vulnerability VCID-c2j7-ywhr-3ff3
16
vulnerability VCID-c5af-wpgt-dkep
17
vulnerability VCID-cbx2-f95n-kqgd
18
vulnerability VCID-cgzf-jppn-q7ff
19
vulnerability VCID-d7zd-p4g6-ryd1
20
vulnerability VCID-de3u-8wqt-uyc2
21
vulnerability VCID-dhdb-wakw-pufe
22
vulnerability VCID-drty-cbue-3kcv
23
vulnerability VCID-e11t-ywn5-v7gp
24
vulnerability VCID-f4vw-12f3-wfgb
25
vulnerability VCID-f5cg-bkw2-hqct
26
vulnerability VCID-f7yk-9pys-t7dr
27
vulnerability VCID-gs48-295u-mqdt
28
vulnerability VCID-hed9-c39j-87g2
29
vulnerability VCID-j9qv-7wsq-mkf6
30
vulnerability VCID-jgxx-v2wj-zkfh
31
vulnerability VCID-jxr2-qjbz-17ha
32
vulnerability VCID-m9aa-5k15-dfap
33
vulnerability VCID-mapb-drtt-rbez
34
vulnerability VCID-mcrd-q5wz-d7dk
35
vulnerability VCID-mwu6-2hxd-efc2
36
vulnerability VCID-n6h3-gsty-sua2
37
vulnerability VCID-p7w5-8ynh-xuh4
38
vulnerability VCID-q7xb-xff7-77cf
39
vulnerability VCID-qn3n-hpd2-7baf
40
vulnerability VCID-qv8v-b5t4-jqb9
41
vulnerability VCID-t6ek-fzh4-mbdu
42
vulnerability VCID-tkcj-gar9-dbbh
43
vulnerability VCID-uaf3-v6zj-uuc3
44
vulnerability VCID-uxdh-6r6k-h7fr
45
vulnerability VCID-v6d4-h4sz-4yad
46
vulnerability VCID-wdud-ckq4-wqfa
47
vulnerability VCID-wzbf-bazj-4kgy
48
vulnerability VCID-xfwh-3838-j7ct
49
vulnerability VCID-xgwg-8q8s-cbfk
50
vulnerability VCID-y92e-mb7u-sueg
51
vulnerability VCID-ycet-r6tz-yyhn
52
vulnerability VCID-zbp5-8ec3-gfe4
53
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1116, GHSA-96hp-38wx-j3wc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9m1k-bypd-zber
27
url VCID-9ra4-dac9-7qba
vulnerability_id VCID-9ra4-dac9-7qba
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2339
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00527
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2339
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/
url https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480
3
reference_url https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/
url https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2339
reference_id CVE-2023-2339
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2339
5
reference_url https://github.com/advisories/GHSA-6fvf-x8c6-2f6j
reference_id GHSA-6fvf-x8c6-2f6j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fvf-x8c6-2f6j
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j
reference_id GHSA-6fvf-x8c6-2f6j
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2339, GHSA-6fvf-x8c6-2f6j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ra4-dac9-7qba
28
url VCID-a9e8-ky44-s3gc
vulnerability_id VCID-a9e8-ky44-s3gc
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0831
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35477
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0831
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf
3
reference_url https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0831
reference_id CVE-2022-0831
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0831
5
reference_url https://github.com/advisories/GHSA-q67f-3jq4-mww2
reference_id GHSA-q67f-3jq4-mww2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q67f-3jq4-mww2
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.3
purl pkg:composer/pimcore/pimcore@10.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-354d-zv99-73g6
4
vulnerability VCID-3et6-gmgj-h7bn
5
vulnerability VCID-3ref-crmy-eucd
6
vulnerability VCID-3xpj-x3xh-7ub9
7
vulnerability VCID-4dk6-cfer-t7b5
8
vulnerability VCID-4p8y-eknc-zfgn
9
vulnerability VCID-5qj5-vh6d-7khq
10
vulnerability VCID-5tz5-h4wq-3qfy
11
vulnerability VCID-68hd-e927-4kcu
12
vulnerability VCID-6w41-7cfk-j7cn
13
vulnerability VCID-7w3s-bvdz-bfht
14
vulnerability VCID-81mh-qb4b-n7a8
15
vulnerability VCID-84sb-282p-abb6
16
vulnerability VCID-8t1x-kdp9-jkag
17
vulnerability VCID-93rb-sj45-w3fh
18
vulnerability VCID-979q-g8dh-1fgw
19
vulnerability VCID-9m1k-bypd-zber
20
vulnerability VCID-9ra4-dac9-7qba
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fhsn-akes-rqey
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-q7xb-xff7-77cf
54
vulnerability VCID-qn3n-hpd2-7baf
55
vulnerability VCID-qv8v-b5t4-jqb9
56
vulnerability VCID-t6ek-fzh4-mbdu
57
vulnerability VCID-tkcj-gar9-dbbh
58
vulnerability VCID-uaf3-v6zj-uuc3
59
vulnerability VCID-ud81-gjp6-s3ac
60
vulnerability VCID-ur7d-jx1z-kbet
61
vulnerability VCID-uxdh-6r6k-h7fr
62
vulnerability VCID-v6d4-h4sz-4yad
63
vulnerability VCID-v9ts-sd7r-gff2
64
vulnerability VCID-wdud-ckq4-wqfa
65
vulnerability VCID-wzbf-bazj-4kgy
66
vulnerability VCID-xfwh-3838-j7ct
67
vulnerability VCID-xgwg-8q8s-cbfk
68
vulnerability VCID-y92e-mb7u-sueg
69
vulnerability VCID-yah4-88g3-37ak
70
vulnerability VCID-ycet-r6tz-yyhn
71
vulnerability VCID-zbp5-8ec3-gfe4
72
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3
aliases CVE-2022-0831, GHSA-q67f-3jq4-mww2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9e8-ky44-s3gc
29
url VCID-bb65-xxsn-m3gv
vulnerability_id VCID-bb65-xxsn-m3gv
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27617
reference_id
reference_type
scores
0
value 0.00544
scoring_system epss
scoring_elements 0.6805
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27617
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47
3
reference_url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347
4
reference_url https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27617
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27617
7
reference_url https://github.com/advisories/GHSA-qjpx-5m2p-5pgh
reference_id GHSA-qjpx-5m2p-5pgh
reference_type
scores
url https://github.com/advisories/GHSA-qjpx-5m2p-5pgh
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.4
purl pkg:composer/pimcore/pimcore@11.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-f4vw-12f3-wfgb
2
vulnerability VCID-f5cg-bkw2-hqct
3
vulnerability VCID-uaf3-v6zj-uuc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.4
aliases CVE-2025-27617, GHSA-qjpx-5m2p-5pgh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb65-xxsn-m3gv
30
url VCID-bexg-r2xt-6ycy
vulnerability_id VCID-bexg-r2xt-6ycy
summary 
Information Exposure Through Discrepancy
Pimcore is an open source data & experience management platform. A flaw was found identifying it is possible to enumerate usernames via the forgot password functionality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39189
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05926
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39189
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce
3
reference_url https://github.com/pimcore/pimcore/pull/10223.patch
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10223.patch
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9
5
reference_url https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c
6
reference_url https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/
reference_id
reference_type
scores
url https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39189
reference_id CVE-2021-39189
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39189
8
reference_url https://github.com/advisories/GHSA-579x-cjvr-cqj9
reference_id GHSA-579x-cjvr-cqj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-579x-cjvr-cqj9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.1.3
purl pkg:composer/pimcore/pimcore@10.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-5qj5-vh6d-7khq
14
vulnerability VCID-5tz5-h4wq-3qfy
15
vulnerability VCID-68hd-e927-4kcu
16
vulnerability VCID-6w41-7cfk-j7cn
17
vulnerability VCID-7w3s-bvdz-bfht
18
vulnerability VCID-81mh-qb4b-n7a8
19
vulnerability VCID-84sb-282p-abb6
20
vulnerability VCID-8t1x-kdp9-jkag
21
vulnerability VCID-93rb-sj45-w3fh
22
vulnerability VCID-979q-g8dh-1fgw
23
vulnerability VCID-97te-6pwk-bbb4
24
vulnerability VCID-9m1k-bypd-zber
25
vulnerability VCID-9ra4-dac9-7qba
26
vulnerability VCID-a9e8-ky44-s3gc
27
vulnerability VCID-bb65-xxsn-m3gv
28
vulnerability VCID-bz3s-p33z-kqf2
29
vulnerability VCID-c2j7-ywhr-3ff3
30
vulnerability VCID-c5af-wpgt-dkep
31
vulnerability VCID-cbx2-f95n-kqgd
32
vulnerability VCID-cgzf-jppn-q7ff
33
vulnerability VCID-d7zd-p4g6-ryd1
34
vulnerability VCID-de3u-8wqt-uyc2
35
vulnerability VCID-dhdb-wakw-pufe
36
vulnerability VCID-drty-cbue-3kcv
37
vulnerability VCID-e11t-ywn5-v7gp
38
vulnerability VCID-f4vw-12f3-wfgb
39
vulnerability VCID-f5cg-bkw2-hqct
40
vulnerability VCID-f7yk-9pys-t7dr
41
vulnerability VCID-fhsn-akes-rqey
42
vulnerability VCID-fnz2-pbtj-43ak
43
vulnerability VCID-fpuf-6uyn-hydv
44
vulnerability VCID-fvku-th2k-93d8
45
vulnerability VCID-gda3-s5cp-w7d4
46
vulnerability VCID-ggje-p3cm-fyhe
47
vulnerability VCID-gs48-295u-mqdt
48
vulnerability VCID-gs7u-m432-yqaw
49
vulnerability VCID-hed9-c39j-87g2
50
vulnerability VCID-hn1d-5fbq-cyc7
51
vulnerability VCID-hvgj-5hjn-cbhb
52
vulnerability VCID-j5pq-ekja-jffv
53
vulnerability VCID-j9qv-7wsq-mkf6
54
vulnerability VCID-jgxx-v2wj-zkfh
55
vulnerability VCID-jx3r-bxmm-hfaw
56
vulnerability VCID-jxr2-qjbz-17ha
57
vulnerability VCID-m756-fmwt-dfbf
58
vulnerability VCID-m9aa-5k15-dfap
59
vulnerability VCID-mapb-drtt-rbez
60
vulnerability VCID-mcrd-q5wz-d7dk
61
vulnerability VCID-mhz5-dnv5-6uas
62
vulnerability VCID-mwu6-2hxd-efc2
63
vulnerability VCID-n6h3-gsty-sua2
64
vulnerability VCID-p7w5-8ynh-xuh4
65
vulnerability VCID-paqt-sa9x-2qcm
66
vulnerability VCID-pnn8-zfvf-wqcf
67
vulnerability VCID-px53-r47y-tbds
68
vulnerability VCID-q7xb-xff7-77cf
69
vulnerability VCID-qbz4-eznm-e3hw
70
vulnerability VCID-qn3n-hpd2-7baf
71
vulnerability VCID-qv8v-b5t4-jqb9
72
vulnerability VCID-sbqb-c913-rqhb
73
vulnerability VCID-smn4-dvb2-u7hb
74
vulnerability VCID-t6ek-fzh4-mbdu
75
vulnerability VCID-tkcj-gar9-dbbh
76
vulnerability VCID-trf7-n9zr-bubx
77
vulnerability VCID-uaf3-v6zj-uuc3
78
vulnerability VCID-ud81-gjp6-s3ac
79
vulnerability VCID-ur7d-jx1z-kbet
80
vulnerability VCID-uukc-b952-zbgk
81
vulnerability VCID-uxdh-6r6k-h7fr
82
vulnerability VCID-v6d4-h4sz-4yad
83
vulnerability VCID-v9ts-sd7r-gff2
84
vulnerability VCID-w7q9-zspa-pfb7
85
vulnerability VCID-wdud-ckq4-wqfa
86
vulnerability VCID-wzbf-bazj-4kgy
87
vulnerability VCID-x7pr-fcen-r7d5
88
vulnerability VCID-xa87-8qgt-t7az
89
vulnerability VCID-xfwh-3838-j7ct
90
vulnerability VCID-xgwg-8q8s-cbfk
91
vulnerability VCID-y92e-mb7u-sueg
92
vulnerability VCID-yah4-88g3-37ak
93
vulnerability VCID-ycet-r6tz-yyhn
94
vulnerability VCID-zbp5-8ec3-gfe4
95
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.3
aliases CVE-2021-39189, GHSA-579x-cjvr-cqj9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bexg-r2xt-6ycy
31
url VCID-bz3s-p33z-kqf2
vulnerability_id VCID-bz3s-p33z-kqf2
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection in `GridHelperService.php` in GitHub repository pimcore/pimcore prior to 10.3.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1429
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.4613
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1429
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82
3
reference_url https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1429
reference_id CVE-2022-1429
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1429
5
reference_url https://github.com/advisories/GHSA-2v7p-f4qm-r5pc
reference_id GHSA-2v7p-f4qm-r5pc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2v7p-f4qm-r5pc
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.6
purl pkg:composer/pimcore/pimcore@10.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.6
aliases CVE-2022-1429, GHSA-2v7p-f4qm-r5pc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz3s-p33z-kqf2
32
url VCID-c2j7-ywhr-3ff3
vulnerability_id VCID-c2j7-ywhr-3ff3
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2630
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01279
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2630
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/
url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
3
reference_url https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/
url https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2630
reference_id CVE-2023-2630
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2630
5
reference_url https://github.com/advisories/GHSA-w766-3572-f2hv
reference_id GHSA-w766-3572-f2hv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w766-3572-f2hv
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv
reference_id GHSA-w766-3572-f2hv
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2630, GHSA-w766-3572-f2hv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2j7-ywhr-3ff3
33
url VCID-c5af-wpgt-dkep
vulnerability_id VCID-c5af-wpgt-dkep
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2343
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01018
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2343
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/
url https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e
3
reference_url https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/
url https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2343
reference_id CVE-2023-2343
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2343
5
reference_url https://github.com/advisories/GHSA-9q7q-r54q-3f3g
reference_id GHSA-9q7q-r54q-3f3g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9q7q-r54q-3f3g
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g
reference_id GHSA-9q7q-r54q-3f3g
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2343, GHSA-9q7q-r54q-3f3g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5af-wpgt-dkep
34
url VCID-cbx2-f95n-kqgd
vulnerability_id VCID-cbx2-f95n-kqgd
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4453
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00118
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4453
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/
url https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e
3
reference_url https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/
url https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4453
reference_id CVE-2023-4453
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4453
5
reference_url https://github.com/advisories/GHSA-599v-h3q5-g6r9
reference_id GHSA-599v-h3q5-g6r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-599v-h3q5-g6r9
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9
reference_id GHSA-599v-h3q5-g6r9
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.8
purl pkg:composer/pimcore/pimcore@10.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-dhdb-wakw-pufe
3
vulnerability VCID-f4vw-12f3-wfgb
4
vulnerability VCID-f5cg-bkw2-hqct
5
vulnerability VCID-uaf3-v6zj-uuc3
6
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.8
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-4453, GHSA-599v-h3q5-g6r9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbx2-f95n-kqgd
35
url VCID-cgzf-jppn-q7ff
vulnerability_id VCID-cgzf-jppn-q7ff
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.
references
0
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
1
reference_url https://github.com/advisories/GHSA-rrwm-8wqm-gwgv
reference_id GHSA-rrwm-8wqm-gwgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrwm-8wqm-gwgv
2
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv
reference_id GHSA-rrwm-8wqm-gwgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases GHSA-rrwm-8wqm-gwgv, GMS-2023-781
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgzf-jppn-q7ff
36
url VCID-d6ep-hreb-gqfg
vulnerability_id VCID-d6ep-hreb-gqfg
summary 
Deserialization of Untrusted Data
An attacker with classes permission can send a POST request to `/admin/class/bulk-commit`, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php`.
references
0
reference_url http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10867
reference_id
reference_type
scores
0
value 0.52728
scoring_system epss
scoring_elements 0.97992
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10867
2
reference_url https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce
3
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
4
reference_url https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73
5
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998
6
reference_url https://www.exploit-db.com/exploits/46783
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46783
7
reference_url https://www.exploit-db.com/exploits/46783/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46783/
8
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb
reference_id CVE-2019-10867
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10867
reference_id CVE-2019-10867
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10867
11
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb
reference_id CVE-2019-10867
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb
12
reference_url https://github.com/advisories/GHSA-7hqr-j26m-gmwp
reference_id GHSA-7hqr-j26m-gmwp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hqr-j26m-gmwp
fixed_packages
0
url pkg:composer/pimcore/pimcore@5.7.1
purl pkg:composer/pimcore/pimcore@5.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6ph4-dkvv-eybx
18
vulnerability VCID-6w41-7cfk-j7cn
19
vulnerability VCID-7w3s-bvdz-bfht
20
vulnerability VCID-81mh-qb4b-n7a8
21
vulnerability VCID-84sb-282p-abb6
22
vulnerability VCID-8t1x-kdp9-jkag
23
vulnerability VCID-93rb-sj45-w3fh
24
vulnerability VCID-979q-g8dh-1fgw
25
vulnerability VCID-97te-6pwk-bbb4
26
vulnerability VCID-9m1k-bypd-zber
27
vulnerability VCID-9ra4-dac9-7qba
28
vulnerability VCID-a9e8-ky44-s3gc
29
vulnerability VCID-bb65-xxsn-m3gv
30
vulnerability VCID-bexg-r2xt-6ycy
31
vulnerability VCID-bz3s-p33z-kqf2
32
vulnerability VCID-c2j7-ywhr-3ff3
33
vulnerability VCID-c5af-wpgt-dkep
34
vulnerability VCID-cbx2-f95n-kqgd
35
vulnerability VCID-cgzf-jppn-q7ff
36
vulnerability VCID-d7zd-p4g6-ryd1
37
vulnerability VCID-de3u-8wqt-uyc2
38
vulnerability VCID-dhdb-wakw-pufe
39
vulnerability VCID-dr21-xtsw-f3b8
40
vulnerability VCID-drty-cbue-3kcv
41
vulnerability VCID-e11t-ywn5-v7gp
42
vulnerability VCID-f4vw-12f3-wfgb
43
vulnerability VCID-f5cg-bkw2-hqct
44
vulnerability VCID-f7yk-9pys-t7dr
45
vulnerability VCID-f92t-4uw8-67hh
46
vulnerability VCID-fb1z-259v-g7hp
47
vulnerability VCID-fhsn-akes-rqey
48
vulnerability VCID-fnz2-pbtj-43ak
49
vulnerability VCID-fpuf-6uyn-hydv
50
vulnerability VCID-fvku-th2k-93d8
51
vulnerability VCID-gda3-s5cp-w7d4
52
vulnerability VCID-ggje-p3cm-fyhe
53
vulnerability VCID-gs48-295u-mqdt
54
vulnerability VCID-gs7u-m432-yqaw
55
vulnerability VCID-hed9-c39j-87g2
56
vulnerability VCID-hn1d-5fbq-cyc7
57
vulnerability VCID-hvgj-5hjn-cbhb
58
vulnerability VCID-j5pq-ekja-jffv
59
vulnerability VCID-j9qv-7wsq-mkf6
60
vulnerability VCID-jgxx-v2wj-zkfh
61
vulnerability VCID-jx3r-bxmm-hfaw
62
vulnerability VCID-jxr2-qjbz-17ha
63
vulnerability VCID-m756-fmwt-dfbf
64
vulnerability VCID-m9aa-5k15-dfap
65
vulnerability VCID-mapb-drtt-rbez
66
vulnerability VCID-mcrd-q5wz-d7dk
67
vulnerability VCID-mhz5-dnv5-6uas
68
vulnerability VCID-mwu6-2hxd-efc2
69
vulnerability VCID-n6h3-gsty-sua2
70
vulnerability VCID-p7w5-8ynh-xuh4
71
vulnerability VCID-paqt-sa9x-2qcm
72
vulnerability VCID-pnn8-zfvf-wqcf
73
vulnerability VCID-px53-r47y-tbds
74
vulnerability VCID-q7xb-xff7-77cf
75
vulnerability VCID-qbz4-eznm-e3hw
76
vulnerability VCID-qn3n-hpd2-7baf
77
vulnerability VCID-qv8v-b5t4-jqb9
78
vulnerability VCID-r34d-uefq-skam
79
vulnerability VCID-sbqb-c913-rqhb
80
vulnerability VCID-sccv-pzyk-cka7
81
vulnerability VCID-smn4-dvb2-u7hb
82
vulnerability VCID-t6ek-fzh4-mbdu
83
vulnerability VCID-tkcj-gar9-dbbh
84
vulnerability VCID-tpk1-5fw2-pfgc
85
vulnerability VCID-trf7-n9zr-bubx
86
vulnerability VCID-tzjt-fdqe-s7ct
87
vulnerability VCID-uaf3-v6zj-uuc3
88
vulnerability VCID-ud81-gjp6-s3ac
89
vulnerability VCID-ur7d-jx1z-kbet
90
vulnerability VCID-uukc-b952-zbgk
91
vulnerability VCID-uxdh-6r6k-h7fr
92
vulnerability VCID-v6d4-h4sz-4yad
93
vulnerability VCID-v9ts-sd7r-gff2
94
vulnerability VCID-w7q9-zspa-pfb7
95
vulnerability VCID-wdud-ckq4-wqfa
96
vulnerability VCID-wura-bb97-rbg7
97
vulnerability VCID-wzbf-bazj-4kgy
98
vulnerability VCID-x7pr-fcen-r7d5
99
vulnerability VCID-xa87-8qgt-t7az
100
vulnerability VCID-xfwh-3838-j7ct
101
vulnerability VCID-xgwg-8q8s-cbfk
102
vulnerability VCID-y92e-mb7u-sueg
103
vulnerability VCID-yah4-88g3-37ak
104
vulnerability VCID-ycet-r6tz-yyhn
105
vulnerability VCID-ypfe-fdqf-cfcn
106
vulnerability VCID-zbp5-8ec3-gfe4
107
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1
aliases CVE-2019-10867, GHSA-7hqr-j26m-gmwp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ep-hreb-gqfg
37
url VCID-d7zd-p4g6-ryd1
vulnerability_id VCID-d7zd-p4g6-ryd1
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1515
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04022
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1515
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/
url https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964
3
reference_url https://github.com/pimcore/pimcore/pull/14562
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14562
4
reference_url https://github.com/pimcore/pimcore/pull/14562.patch
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14562.patch
5
reference_url https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/
url https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282
6
reference_url https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/
reference_id
reference_type
scores
url https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1515
reference_id CVE-2023-1515
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1515
8
reference_url https://github.com/advisories/GHSA-66cm-c7ch-5j8q
reference_id GHSA-66cm-c7ch-5j8q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66cm-c7ch-5j8q
9
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q
reference_id GHSA-66cm-c7ch-5j8q
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-1515, GHSA-66cm-c7ch-5j8q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7zd-p4g6-ryd1
38
url VCID-de3u-8wqt-uyc2
vulnerability_id VCID-de3u-8wqt-uyc2
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.
The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38708
reference_id
reference_type
scores
0
value 4e-05
scoring_system epss
scoring_elements 0.00194
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38708
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/
url https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38708
reference_id CVE-2023-38708
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38708
4
reference_url https://github.com/advisories/GHSA-34hj-v8fm-x887
reference_id GHSA-34hj-v8fm-x887
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34hj-v8fm-x887
5
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887
reference_id GHSA-34hj-v8fm-x887
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.7
purl pkg:composer/pimcore/pimcore@10.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-uaf3-v6zj-uuc3
7
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.7
aliases CVE-2023-38708, GHSA-34hj-v8fm-x887
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de3u-8wqt-uyc2
39
url VCID-dhdb-wakw-pufe
vulnerability_id VCID-dhdb-wakw-pufe
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5873
reference_id
reference_type
scores
0
value 4e-05
scoring_system epss
scoring_elements 0.00149
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5873
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/
url https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c
3
reference_url https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/
url https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5873
reference_id CVE-2023-5873
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5873
5
reference_url https://github.com/advisories/GHSA-j59v-hh4p-q92m
reference_id GHSA-j59v-hh4p-q92m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j59v-hh4p-q92m
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.1.0
purl pkg:composer/pimcore/pimcore@11.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-b518-ye2d-sbdh
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-f4vw-12f3-wfgb
4
vulnerability VCID-f5cg-bkw2-hqct
5
vulnerability VCID-pvmk-ymnm-uyah
6
vulnerability VCID-uaf3-v6zj-uuc3
7
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.0
aliases CVE-2023-5873, GHSA-j59v-hh4p-q92m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhdb-wakw-pufe
40
url VCID-dr21-xtsw-f3b8
vulnerability_id VCID-dr21-xtsw-f3b8
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26246
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10526
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26246
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26246
reference_id CVE-2020-26246
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-26246
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.8.5
purl pkg:composer/pimcore/pimcore@6.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-drty-cbue-3kcv
39
vulnerability VCID-e11t-ywn5-v7gp
40
vulnerability VCID-f4vw-12f3-wfgb
41
vulnerability VCID-f5cg-bkw2-hqct
42
vulnerability VCID-f7yk-9pys-t7dr
43
vulnerability VCID-f92t-4uw8-67hh
44
vulnerability VCID-fhsn-akes-rqey
45
vulnerability VCID-fnz2-pbtj-43ak
46
vulnerability VCID-fpuf-6uyn-hydv
47
vulnerability VCID-fvku-th2k-93d8
48
vulnerability VCID-gda3-s5cp-w7d4
49
vulnerability VCID-ggje-p3cm-fyhe
50
vulnerability VCID-gs48-295u-mqdt
51
vulnerability VCID-gs7u-m432-yqaw
52
vulnerability VCID-hed9-c39j-87g2
53
vulnerability VCID-hn1d-5fbq-cyc7
54
vulnerability VCID-hvgj-5hjn-cbhb
55
vulnerability VCID-j5pq-ekja-jffv
56
vulnerability VCID-j9qv-7wsq-mkf6
57
vulnerability VCID-jgxx-v2wj-zkfh
58
vulnerability VCID-jx3r-bxmm-hfaw
59
vulnerability VCID-jxr2-qjbz-17ha
60
vulnerability VCID-m756-fmwt-dfbf
61
vulnerability VCID-m9aa-5k15-dfap
62
vulnerability VCID-mapb-drtt-rbez
63
vulnerability VCID-mcrd-q5wz-d7dk
64
vulnerability VCID-mhz5-dnv5-6uas
65
vulnerability VCID-mwu6-2hxd-efc2
66
vulnerability VCID-n6h3-gsty-sua2
67
vulnerability VCID-p7w5-8ynh-xuh4
68
vulnerability VCID-paqt-sa9x-2qcm
69
vulnerability VCID-pnn8-zfvf-wqcf
70
vulnerability VCID-px53-r47y-tbds
71
vulnerability VCID-q7xb-xff7-77cf
72
vulnerability VCID-qbz4-eznm-e3hw
73
vulnerability VCID-qn3n-hpd2-7baf
74
vulnerability VCID-qv8v-b5t4-jqb9
75
vulnerability VCID-r34d-uefq-skam
76
vulnerability VCID-sbqb-c913-rqhb
77
vulnerability VCID-smn4-dvb2-u7hb
78
vulnerability VCID-t6ek-fzh4-mbdu
79
vulnerability VCID-tkcj-gar9-dbbh
80
vulnerability VCID-trf7-n9zr-bubx
81
vulnerability VCID-tzjt-fdqe-s7ct
82
vulnerability VCID-uaf3-v6zj-uuc3
83
vulnerability VCID-ud81-gjp6-s3ac
84
vulnerability VCID-ur7d-jx1z-kbet
85
vulnerability VCID-uukc-b952-zbgk
86
vulnerability VCID-uxdh-6r6k-h7fr
87
vulnerability VCID-v6d4-h4sz-4yad
88
vulnerability VCID-v9ts-sd7r-gff2
89
vulnerability VCID-w7q9-zspa-pfb7
90
vulnerability VCID-wdud-ckq4-wqfa
91
vulnerability VCID-wura-bb97-rbg7
92
vulnerability VCID-wzbf-bazj-4kgy
93
vulnerability VCID-x7pr-fcen-r7d5
94
vulnerability VCID-xa87-8qgt-t7az
95
vulnerability VCID-xfwh-3838-j7ct
96
vulnerability VCID-xgwg-8q8s-cbfk
97
vulnerability VCID-y92e-mb7u-sueg
98
vulnerability VCID-yah4-88g3-37ak
99
vulnerability VCID-ycet-r6tz-yyhn
100
vulnerability VCID-ypfe-fdqf-cfcn
101
vulnerability VCID-zbp5-8ec3-gfe4
102
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.5
aliases CVE-2020-26246, GHSA-7p8p-4253-3mg6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dr21-xtsw-f3b8
41
url VCID-drty-cbue-3kcv
vulnerability_id VCID-drty-cbue-3kcv
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2342
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02136
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2342
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/
url https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564
3
reference_url https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/
url https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2342
reference_id CVE-2023-2342
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2342
5
reference_url https://github.com/advisories/GHSA-2c67-p4xh-m34w
reference_id GHSA-2c67-p4xh-m34w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2c67-p4xh-m34w
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w
reference_id GHSA-2c67-p4xh-m34w
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2342, GHSA-2c67-p4xh-m34w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drty-cbue-3kcv
42
url VCID-e11t-ywn5-v7gp
vulnerability_id VCID-e11t-ywn5-v7gp
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2322
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01689
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2322
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/
url https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
3
reference_url https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/
url https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2322
reference_id CVE-2023-2322
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2322
5
reference_url https://github.com/advisories/GHSA-476g-v7hf-cw5m
reference_id GHSA-476g-v7hf-cw5m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-476g-v7hf-cw5m
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m
reference_id GHSA-476g-v7hf-cw5m
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2322, GHSA-476g-v7hf-cw5m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e11t-ywn5-v7gp
43
url VCID-f4vw-12f3-wfgb
vulnerability_id VCID-f4vw-12f3-wfgb
summary 
Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries.

Affected code in models/Dependency/Dao.php:
- getFilterRequiresByPath() lines 90, 95, 100
- getFilterRequiredByPath() lines 148, 153, 158

All 6 locations use direct string concatenation like:

"AND LOWER(CONCAT(o.path, o.key)) RLIKE '".$value."'"

Note that $orderBy and $orderDirection in the same methods (lines 75-81) ARE properly `whitelist`-validated, but $value has zero sanitization.

Entry points (pimcore/admin-ui-classic-bundle ElementController.php):
- GET /admin/element/get-requires-dependencies (line 654)
- GET /admin/element/get-required-by-dependencies (line 714)

The controller JSON-decodes the filter query param and passes $filter['value'] straight to the Dao without any escaping.

PoC (time-based blind):
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27461
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02473
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27461
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4
3
reference_url https://github.com/pimcore/pimcore/pull/18991
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/pull/18991
4
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27461
reference_id CVE-2026-27461
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27461
6
reference_url https://github.com/advisories/GHSA-vxg3-v4p6-f3fp
reference_id GHSA-vxg3-v4p6-f3fp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxg3-v4p6-f3fp
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp
reference_id GHSA-vxg3-v4p6-f3fp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp
fixed_packages
0
url pkg:composer/pimcore/pimcore@12.0.0-RC1
purl pkg:composer/pimcore/pimcore@12.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-f5cg-bkw2-hqct
2
vulnerability VCID-uaf3-v6zj-uuc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.0.0-RC1
1
url pkg:composer/pimcore/pimcore@12.3.3
purl pkg:composer/pimcore/pimcore@12.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ju46-yy7m-2yhv
1
vulnerability VCID-tndt-gq2j-7fcy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.3
aliases CVE-2026-27461, GHSA-vxg3-v4p6-f3fp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4vw-12f3-wfgb
44
url VCID-f5cg-bkw2-hqct
vulnerability_id VCID-f5cg-bkw2-hqct
summary 
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
The http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23493
reference_id
reference_type
scores
0
value 1e-05
scoring_system epss
scoring_elements 5e-05
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23493
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601
3
reference_url https://github.com/pimcore/pimcore/pull/18918
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/pull/18918
4
reference_url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/releases/tag/v11.5.14
5
reference_url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/releases/tag/v12.3.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23493
reference_id CVE-2026-23493
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23493
7
reference_url https://github.com/advisories/GHSA-q433-j342-rp9h
reference_id GHSA-q433-j342-rp9h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q433-j342-rp9h
8
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h
reference_id GHSA-q433-j342-rp9h
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23493, GHSA-q433-j342-rp9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5cg-bkw2-hqct
45
url VCID-f7yk-9pys-t7dr
vulnerability_id VCID-f7yk-9pys-t7dr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1703
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00885
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1703
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/
url https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v
4
reference_url https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/
url https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1703
reference_id CVE-2023-1703
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1703
6
reference_url https://github.com/advisories/GHSA-3r5c-h7g6-cqw7
reference_id GHSA-3r5c-h7g6-cqw7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3r5c-h7g6-cqw7
7
reference_url https://github.com/advisories/GHSA-4f25-2x2c-vg6v
reference_id GHSA-4f25-2x2c-vg6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4f25-2x2c-vg6v
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.20
purl pkg:composer/pimcore/pimcore@10.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-4dk6-cfer-t7b5
3
vulnerability VCID-5qj5-vh6d-7khq
4
vulnerability VCID-5tz5-h4wq-3qfy
5
vulnerability VCID-68hd-e927-4kcu
6
vulnerability VCID-6w41-7cfk-j7cn
7
vulnerability VCID-979q-g8dh-1fgw
8
vulnerability VCID-9ra4-dac9-7qba
9
vulnerability VCID-bb65-xxsn-m3gv
10
vulnerability VCID-c2j7-ywhr-3ff3
11
vulnerability VCID-c5af-wpgt-dkep
12
vulnerability VCID-cbx2-f95n-kqgd
13
vulnerability VCID-de3u-8wqt-uyc2
14
vulnerability VCID-dhdb-wakw-pufe
15
vulnerability VCID-drty-cbue-3kcv
16
vulnerability VCID-e11t-ywn5-v7gp
17
vulnerability VCID-f4vw-12f3-wfgb
18
vulnerability VCID-f5cg-bkw2-hqct
19
vulnerability VCID-hed9-c39j-87g2
20
vulnerability VCID-jgxx-v2wj-zkfh
21
vulnerability VCID-jxr2-qjbz-17ha
22
vulnerability VCID-m9aa-5k15-dfap
23
vulnerability VCID-mapb-drtt-rbez
24
vulnerability VCID-mcrd-q5wz-d7dk
25
vulnerability VCID-mwu6-2hxd-efc2
26
vulnerability VCID-n6h3-gsty-sua2
27
vulnerability VCID-q7xb-xff7-77cf
28
vulnerability VCID-uaf3-v6zj-uuc3
29
vulnerability VCID-uxdh-6r6k-h7fr
30
vulnerability VCID-v6d4-h4sz-4yad
31
vulnerability VCID-wzbf-bazj-4kgy
32
vulnerability VCID-xfwh-3838-j7ct
33
vulnerability VCID-xgwg-8q8s-cbfk
34
vulnerability VCID-y92e-mb7u-sueg
35
vulnerability VCID-zbp5-8ec3-gfe4
36
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1703, GHSA-3r5c-h7g6-cqw7, GHSA-4f25-2x2c-vg6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f7yk-9pys-t7dr
46
url VCID-f92t-4uw8-67hh
vulnerability_id VCID-f92t-4uw8-67hh
summary 
CKEditor 4 vulnerabilities in versions <4.16.1
Details see: 

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc ( CVE-2021-37695 )
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c ( CVE-2021-32808 )
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg  ( CVE-2021-32809 )

Patch: 
https://github.com/pimcore/pimcore/pull/10032
references
0
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
1
reference_url https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a
2
reference_url https://github.com/advisories/GHSA-cfcv-q4qq-2ph4
reference_id GHSA-cfcv-q4qq-2ph4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfcv-q4qq-2ph4
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4
reference_id GHSA-cfcv-q4qq-2ph4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.1.1
purl pkg:composer/pimcore/pimcore@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-drty-cbue-3kcv
39
vulnerability VCID-e11t-ywn5-v7gp
40
vulnerability VCID-f4vw-12f3-wfgb
41
vulnerability VCID-f5cg-bkw2-hqct
42
vulnerability VCID-f7yk-9pys-t7dr
43
vulnerability VCID-fhsn-akes-rqey
44
vulnerability VCID-fnz2-pbtj-43ak
45
vulnerability VCID-fpuf-6uyn-hydv
46
vulnerability VCID-fvku-th2k-93d8
47
vulnerability VCID-gda3-s5cp-w7d4
48
vulnerability VCID-ggje-p3cm-fyhe
49
vulnerability VCID-gs48-295u-mqdt
50
vulnerability VCID-gs7u-m432-yqaw
51
vulnerability VCID-hed9-c39j-87g2
52
vulnerability VCID-hn1d-5fbq-cyc7
53
vulnerability VCID-hvgj-5hjn-cbhb
54
vulnerability VCID-j5pq-ekja-jffv
55
vulnerability VCID-j9qv-7wsq-mkf6
56
vulnerability VCID-jgxx-v2wj-zkfh
57
vulnerability VCID-jx3r-bxmm-hfaw
58
vulnerability VCID-jxr2-qjbz-17ha
59
vulnerability VCID-m756-fmwt-dfbf
60
vulnerability VCID-m9aa-5k15-dfap
61
vulnerability VCID-mapb-drtt-rbez
62
vulnerability VCID-mcrd-q5wz-d7dk
63
vulnerability VCID-mhz5-dnv5-6uas
64
vulnerability VCID-mwu6-2hxd-efc2
65
vulnerability VCID-n6h3-gsty-sua2
66
vulnerability VCID-p7w5-8ynh-xuh4
67
vulnerability VCID-paqt-sa9x-2qcm
68
vulnerability VCID-pnn8-zfvf-wqcf
69
vulnerability VCID-px53-r47y-tbds
70
vulnerability VCID-q7xb-xff7-77cf
71
vulnerability VCID-qbz4-eznm-e3hw
72
vulnerability VCID-qn3n-hpd2-7baf
73
vulnerability VCID-qv8v-b5t4-jqb9
74
vulnerability VCID-r34d-uefq-skam
75
vulnerability VCID-sbqb-c913-rqhb
76
vulnerability VCID-smn4-dvb2-u7hb
77
vulnerability VCID-t6ek-fzh4-mbdu
78
vulnerability VCID-tkcj-gar9-dbbh
79
vulnerability VCID-trf7-n9zr-bubx
80
vulnerability VCID-uaf3-v6zj-uuc3
81
vulnerability VCID-ud81-gjp6-s3ac
82
vulnerability VCID-ur7d-jx1z-kbet
83
vulnerability VCID-uukc-b952-zbgk
84
vulnerability VCID-uxdh-6r6k-h7fr
85
vulnerability VCID-v6d4-h4sz-4yad
86
vulnerability VCID-v9ts-sd7r-gff2
87
vulnerability VCID-w7q9-zspa-pfb7
88
vulnerability VCID-wdud-ckq4-wqfa
89
vulnerability VCID-wzbf-bazj-4kgy
90
vulnerability VCID-x7pr-fcen-r7d5
91
vulnerability VCID-xa87-8qgt-t7az
92
vulnerability VCID-xfwh-3838-j7ct
93
vulnerability VCID-xgwg-8q8s-cbfk
94
vulnerability VCID-y92e-mb7u-sueg
95
vulnerability VCID-yah4-88g3-37ak
96
vulnerability VCID-ycet-r6tz-yyhn
97
vulnerability VCID-zbp5-8ec3-gfe4
98
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1
aliases GHSA-cfcv-q4qq-2ph4, GMS-2021-117
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f92t-4uw8-67hh
47
url VCID-fb1z-259v-g7hp
vulnerability_id VCID-fb1z-259v-g7hp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18986
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00783
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18986
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185
3
reference_url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18986
reference_id CVE-2019-18986
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18986
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.2.2
purl pkg:composer/pimcore/pimcore@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-dr21-xtsw-f3b8
39
vulnerability VCID-drty-cbue-3kcv
40
vulnerability VCID-e11t-ywn5-v7gp
41
vulnerability VCID-f4vw-12f3-wfgb
42
vulnerability VCID-f5cg-bkw2-hqct
43
vulnerability VCID-f7yk-9pys-t7dr
44
vulnerability VCID-f92t-4uw8-67hh
45
vulnerability VCID-fhsn-akes-rqey
46
vulnerability VCID-fnz2-pbtj-43ak
47
vulnerability VCID-fpuf-6uyn-hydv
48
vulnerability VCID-fvku-th2k-93d8
49
vulnerability VCID-gda3-s5cp-w7d4
50
vulnerability VCID-ggje-p3cm-fyhe
51
vulnerability VCID-gs48-295u-mqdt
52
vulnerability VCID-gs7u-m432-yqaw
53
vulnerability VCID-hed9-c39j-87g2
54
vulnerability VCID-hn1d-5fbq-cyc7
55
vulnerability VCID-hvgj-5hjn-cbhb
56
vulnerability VCID-j5pq-ekja-jffv
57
vulnerability VCID-j9qv-7wsq-mkf6
58
vulnerability VCID-jgxx-v2wj-zkfh
59
vulnerability VCID-jx3r-bxmm-hfaw
60
vulnerability VCID-jxr2-qjbz-17ha
61
vulnerability VCID-m756-fmwt-dfbf
62
vulnerability VCID-m9aa-5k15-dfap
63
vulnerability VCID-mapb-drtt-rbez
64
vulnerability VCID-mcrd-q5wz-d7dk
65
vulnerability VCID-mhz5-dnv5-6uas
66
vulnerability VCID-mwu6-2hxd-efc2
67
vulnerability VCID-n6h3-gsty-sua2
68
vulnerability VCID-p7w5-8ynh-xuh4
69
vulnerability VCID-paqt-sa9x-2qcm
70
vulnerability VCID-pnn8-zfvf-wqcf
71
vulnerability VCID-px53-r47y-tbds
72
vulnerability VCID-q7xb-xff7-77cf
73
vulnerability VCID-qbz4-eznm-e3hw
74
vulnerability VCID-qn3n-hpd2-7baf
75
vulnerability VCID-qv8v-b5t4-jqb9
76
vulnerability VCID-r34d-uefq-skam
77
vulnerability VCID-sbqb-c913-rqhb
78
vulnerability VCID-smn4-dvb2-u7hb
79
vulnerability VCID-t6ek-fzh4-mbdu
80
vulnerability VCID-tkcj-gar9-dbbh
81
vulnerability VCID-tpk1-5fw2-pfgc
82
vulnerability VCID-trf7-n9zr-bubx
83
vulnerability VCID-tzjt-fdqe-s7ct
84
vulnerability VCID-uaf3-v6zj-uuc3
85
vulnerability VCID-ud81-gjp6-s3ac
86
vulnerability VCID-uegk-91nv-8be9
87
vulnerability VCID-ur7d-jx1z-kbet
88
vulnerability VCID-uukc-b952-zbgk
89
vulnerability VCID-uxdh-6r6k-h7fr
90
vulnerability VCID-v6d4-h4sz-4yad
91
vulnerability VCID-v9ts-sd7r-gff2
92
vulnerability VCID-w7q9-zspa-pfb7
93
vulnerability VCID-wdud-ckq4-wqfa
94
vulnerability VCID-wura-bb97-rbg7
95
vulnerability VCID-wzbf-bazj-4kgy
96
vulnerability VCID-x7pr-fcen-r7d5
97
vulnerability VCID-xa87-8qgt-t7az
98
vulnerability VCID-xfwh-3838-j7ct
99
vulnerability VCID-xgwg-8q8s-cbfk
100
vulnerability VCID-y92e-mb7u-sueg
101
vulnerability VCID-yah4-88g3-37ak
102
vulnerability VCID-ycet-r6tz-yyhn
103
vulnerability VCID-ypfe-fdqf-cfcn
104
vulnerability VCID-zbp5-8ec3-gfe4
105
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2
aliases CVE-2019-18986, GHSA-8889-9g3f-73rj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb1z-259v-g7hp
48
url VCID-fhsn-akes-rqey
vulnerability_id VCID-fhsn-akes-rqey
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0911
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04304
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0911
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
3
reference_url https://github.com/pimcore/pimcore/pull/11447
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11447
4
reference_url https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0911
reference_id CVE-2022-0911
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0911
6
reference_url https://github.com/advisories/GHSA-j29f-m23h-3p8p
reference_id GHSA-j29f-m23h-3p8p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j29f-m23h-3p8p
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
1
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-0911, GHSA-j29f-m23h-3p8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhsn-akes-rqey
49
url VCID-fnz2-pbtj-43ak
vulnerability_id VCID-fnz2-pbtj-43ak
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2730
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01589
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2730
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/
url https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878
3
reference_url https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/
url https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2730
reference_id CVE-2023-2730
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2730
5
reference_url https://github.com/advisories/GHSA-q3p4-v2cm-q945
reference_id GHSA-q3p4-v2cm-q945
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3p4-v2cm-q945
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.3
purl pkg:composer/pimcore/pimcore@10.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-354d-zv99-73g6
4
vulnerability VCID-3et6-gmgj-h7bn
5
vulnerability VCID-3ref-crmy-eucd
6
vulnerability VCID-3xpj-x3xh-7ub9
7
vulnerability VCID-4dk6-cfer-t7b5
8
vulnerability VCID-4p8y-eknc-zfgn
9
vulnerability VCID-5qj5-vh6d-7khq
10
vulnerability VCID-5tz5-h4wq-3qfy
11
vulnerability VCID-68hd-e927-4kcu
12
vulnerability VCID-6w41-7cfk-j7cn
13
vulnerability VCID-7w3s-bvdz-bfht
14
vulnerability VCID-81mh-qb4b-n7a8
15
vulnerability VCID-84sb-282p-abb6
16
vulnerability VCID-8t1x-kdp9-jkag
17
vulnerability VCID-93rb-sj45-w3fh
18
vulnerability VCID-979q-g8dh-1fgw
19
vulnerability VCID-9m1k-bypd-zber
20
vulnerability VCID-9ra4-dac9-7qba
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fhsn-akes-rqey
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-q7xb-xff7-77cf
54
vulnerability VCID-qn3n-hpd2-7baf
55
vulnerability VCID-qv8v-b5t4-jqb9
56
vulnerability VCID-t6ek-fzh4-mbdu
57
vulnerability VCID-tkcj-gar9-dbbh
58
vulnerability VCID-uaf3-v6zj-uuc3
59
vulnerability VCID-ud81-gjp6-s3ac
60
vulnerability VCID-ur7d-jx1z-kbet
61
vulnerability VCID-uxdh-6r6k-h7fr
62
vulnerability VCID-v6d4-h4sz-4yad
63
vulnerability VCID-v9ts-sd7r-gff2
64
vulnerability VCID-wdud-ckq4-wqfa
65
vulnerability VCID-wzbf-bazj-4kgy
66
vulnerability VCID-xfwh-3838-j7ct
67
vulnerability VCID-xgwg-8q8s-cbfk
68
vulnerability VCID-y92e-mb7u-sueg
69
vulnerability VCID-yah4-88g3-37ak
70
vulnerability VCID-ycet-r6tz-yyhn
71
vulnerability VCID-zbp5-8ec3-gfe4
72
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3
aliases CVE-2023-2730, GHSA-q3p4-v2cm-q945
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnz2-pbtj-43ak
50
url VCID-fpuf-6uyn-hydv
vulnerability_id VCID-fpuf-6uyn-hydv
summary Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0263
reference_id
reference_type
scores
0
value 4e-05
scoring_system epss
scoring_elements 0.00209
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0263
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911
3
reference_url https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0263
reference_id CVE-2022-0263
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0263
5
reference_url https://github.com/advisories/GHSA-c697-r227-pq6h
reference_id GHSA-c697-r227-pq6h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c697-r227-pq6h
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.7
purl pkg:composer/pimcore/pimcore@10.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-hvgj-5hjn-cbhb
48
vulnerability VCID-j5pq-ekja-jffv
49
vulnerability VCID-j9qv-7wsq-mkf6
50
vulnerability VCID-jgxx-v2wj-zkfh
51
vulnerability VCID-jx3r-bxmm-hfaw
52
vulnerability VCID-jxr2-qjbz-17ha
53
vulnerability VCID-m756-fmwt-dfbf
54
vulnerability VCID-m9aa-5k15-dfap
55
vulnerability VCID-mapb-drtt-rbez
56
vulnerability VCID-mcrd-q5wz-d7dk
57
vulnerability VCID-mhz5-dnv5-6uas
58
vulnerability VCID-mwu6-2hxd-efc2
59
vulnerability VCID-n6h3-gsty-sua2
60
vulnerability VCID-p7w5-8ynh-xuh4
61
vulnerability VCID-paqt-sa9x-2qcm
62
vulnerability VCID-pnn8-zfvf-wqcf
63
vulnerability VCID-q7xb-xff7-77cf
64
vulnerability VCID-qbz4-eznm-e3hw
65
vulnerability VCID-qn3n-hpd2-7baf
66
vulnerability VCID-qv8v-b5t4-jqb9
67
vulnerability VCID-sbqb-c913-rqhb
68
vulnerability VCID-t6ek-fzh4-mbdu
69
vulnerability VCID-tkcj-gar9-dbbh
70
vulnerability VCID-uaf3-v6zj-uuc3
71
vulnerability VCID-ud81-gjp6-s3ac
72
vulnerability VCID-ur7d-jx1z-kbet
73
vulnerability VCID-uxdh-6r6k-h7fr
74
vulnerability VCID-v6d4-h4sz-4yad
75
vulnerability VCID-v9ts-sd7r-gff2
76
vulnerability VCID-wdud-ckq4-wqfa
77
vulnerability VCID-wzbf-bazj-4kgy
78
vulnerability VCID-xa87-8qgt-t7az
79
vulnerability VCID-xfwh-3838-j7ct
80
vulnerability VCID-xgwg-8q8s-cbfk
81
vulnerability VCID-y92e-mb7u-sueg
82
vulnerability VCID-yah4-88g3-37ak
83
vulnerability VCID-ycet-r6tz-yyhn
84
vulnerability VCID-zbp5-8ec3-gfe4
85
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7
aliases CVE-2022-0263, GHSA-c697-r227-pq6h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpuf-6uyn-hydv
51
url VCID-fvku-th2k-93d8
vulnerability_id VCID-fvku-th2k-93d8
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.
references
0
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
1
reference_url https://github.com/advisories/GHSA-76r7-h46w-463r
reference_id GHSA-76r7-h46w-463r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-76r7-h46w-463r
2
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r
reference_id GHSA-76r7-h46w-463r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.17
purl pkg:composer/pimcore/pimcore@10.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-93rb-sj45-w3fh
13
vulnerability VCID-979q-g8dh-1fgw
14
vulnerability VCID-9m1k-bypd-zber
15
vulnerability VCID-9ra4-dac9-7qba
16
vulnerability VCID-bb65-xxsn-m3gv
17
vulnerability VCID-c2j7-ywhr-3ff3
18
vulnerability VCID-c5af-wpgt-dkep
19
vulnerability VCID-cbx2-f95n-kqgd
20
vulnerability VCID-cgzf-jppn-q7ff
21
vulnerability VCID-d7zd-p4g6-ryd1
22
vulnerability VCID-de3u-8wqt-uyc2
23
vulnerability VCID-dhdb-wakw-pufe
24
vulnerability VCID-drty-cbue-3kcv
25
vulnerability VCID-e11t-ywn5-v7gp
26
vulnerability VCID-f4vw-12f3-wfgb
27
vulnerability VCID-f5cg-bkw2-hqct
28
vulnerability VCID-f7yk-9pys-t7dr
29
vulnerability VCID-gs48-295u-mqdt
30
vulnerability VCID-hed9-c39j-87g2
31
vulnerability VCID-j9qv-7wsq-mkf6
32
vulnerability VCID-jgxx-v2wj-zkfh
33
vulnerability VCID-jx3r-bxmm-hfaw
34
vulnerability VCID-jxr2-qjbz-17ha
35
vulnerability VCID-m9aa-5k15-dfap
36
vulnerability VCID-mapb-drtt-rbez
37
vulnerability VCID-mcrd-q5wz-d7dk
38
vulnerability VCID-mwu6-2hxd-efc2
39
vulnerability VCID-n6h3-gsty-sua2
40
vulnerability VCID-p7w5-8ynh-xuh4
41
vulnerability VCID-q7xb-xff7-77cf
42
vulnerability VCID-qn3n-hpd2-7baf
43
vulnerability VCID-qv8v-b5t4-jqb9
44
vulnerability VCID-t6ek-fzh4-mbdu
45
vulnerability VCID-tkcj-gar9-dbbh
46
vulnerability VCID-uaf3-v6zj-uuc3
47
vulnerability VCID-ur7d-jx1z-kbet
48
vulnerability VCID-uxdh-6r6k-h7fr
49
vulnerability VCID-v6d4-h4sz-4yad
50
vulnerability VCID-wdud-ckq4-wqfa
51
vulnerability VCID-wzbf-bazj-4kgy
52
vulnerability VCID-xfwh-3838-j7ct
53
vulnerability VCID-xgwg-8q8s-cbfk
54
vulnerability VCID-y92e-mb7u-sueg
55
vulnerability VCID-yah4-88g3-37ak
56
vulnerability VCID-ycet-r6tz-yyhn
57
vulnerability VCID-zbp5-8ec3-gfe4
58
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.17
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases GHSA-76r7-h46w-463r, GMS-2023-363
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvku-th2k-93d8
52
url VCID-gda3-s5cp-w7d4
vulnerability_id VCID-gda3-s5cp-w7d4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1351
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07533
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1351
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac
3
reference_url https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1351
reference_id CVE-2022-1351
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1351
5
reference_url https://github.com/advisories/GHSA-xcr3-4qvr-54rh
reference_id GHSA-xcr3-4qvr-54rh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xcr3-4qvr-54rh
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-1351, GHSA-xcr3-4qvr-54rh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gda3-s5cp-w7d4
53
url VCID-ggje-p3cm-fyhe
vulnerability_id VCID-ggje-p3cm-fyhe
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0262
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13846
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0262
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7
3
reference_url https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0262
reference_id CVE-2022-0262
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0262
5
reference_url https://github.com/advisories/GHSA-4f5x-q4jc-xfcf
reference_id GHSA-4f5x-q4jc-xfcf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4f5x-q4jc-xfcf
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.7
purl pkg:composer/pimcore/pimcore@10.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-hvgj-5hjn-cbhb
48
vulnerability VCID-j5pq-ekja-jffv
49
vulnerability VCID-j9qv-7wsq-mkf6
50
vulnerability VCID-jgxx-v2wj-zkfh
51
vulnerability VCID-jx3r-bxmm-hfaw
52
vulnerability VCID-jxr2-qjbz-17ha
53
vulnerability VCID-m756-fmwt-dfbf
54
vulnerability VCID-m9aa-5k15-dfap
55
vulnerability VCID-mapb-drtt-rbez
56
vulnerability VCID-mcrd-q5wz-d7dk
57
vulnerability VCID-mhz5-dnv5-6uas
58
vulnerability VCID-mwu6-2hxd-efc2
59
vulnerability VCID-n6h3-gsty-sua2
60
vulnerability VCID-p7w5-8ynh-xuh4
61
vulnerability VCID-paqt-sa9x-2qcm
62
vulnerability VCID-pnn8-zfvf-wqcf
63
vulnerability VCID-q7xb-xff7-77cf
64
vulnerability VCID-qbz4-eznm-e3hw
65
vulnerability VCID-qn3n-hpd2-7baf
66
vulnerability VCID-qv8v-b5t4-jqb9
67
vulnerability VCID-sbqb-c913-rqhb
68
vulnerability VCID-t6ek-fzh4-mbdu
69
vulnerability VCID-tkcj-gar9-dbbh
70
vulnerability VCID-uaf3-v6zj-uuc3
71
vulnerability VCID-ud81-gjp6-s3ac
72
vulnerability VCID-ur7d-jx1z-kbet
73
vulnerability VCID-uxdh-6r6k-h7fr
74
vulnerability VCID-v6d4-h4sz-4yad
75
vulnerability VCID-v9ts-sd7r-gff2
76
vulnerability VCID-wdud-ckq4-wqfa
77
vulnerability VCID-wzbf-bazj-4kgy
78
vulnerability VCID-xa87-8qgt-t7az
79
vulnerability VCID-xfwh-3838-j7ct
80
vulnerability VCID-xgwg-8q8s-cbfk
81
vulnerability VCID-y92e-mb7u-sueg
82
vulnerability VCID-yah4-88g3-37ak
83
vulnerability VCID-ycet-r6tz-yyhn
84
vulnerability VCID-zbp5-8ec3-gfe4
85
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7
aliases CVE-2022-0262, GHSA-4f5x-q4jc-xfcf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggje-p3cm-fyhe
54
url VCID-gs48-295u-mqdt
vulnerability_id VCID-gs48-295u-mqdt
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1286
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01433
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1286
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/
url https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18
3
reference_url https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/
url https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1286
reference_id CVE-2023-1286
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1286
5
reference_url https://github.com/advisories/GHSA-8jv7-vwrc-mv4g
reference_id GHSA-8jv7-vwrc-mv4g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jv7-vwrc-mv4g
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1286, GHSA-8jv7-vwrc-mv4g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gs48-295u-mqdt
55
url VCID-gs7u-m432-yqaw
vulnerability_id VCID-gs7u-m432-yqaw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0323
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00218
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0323
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/
url https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04
3
reference_url https://github.com/pimcore/pimcore/pull/13916.patch
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/13916.patch
4
reference_url https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/
url https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0323
reference_id CVE-2023-0323
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0323
6
reference_url https://github.com/advisories/GHSA-6vf6-g3pr-j83h
reference_id GHSA-6vf6-g3pr-j83h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6vf6-g3pr-j83h
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h
reference_id GHSA-6vf6-g3pr-j83h
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.14
purl pkg:composer/pimcore/pimcore@10.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-93rb-sj45-w3fh
13
vulnerability VCID-979q-g8dh-1fgw
14
vulnerability VCID-9m1k-bypd-zber
15
vulnerability VCID-9ra4-dac9-7qba
16
vulnerability VCID-bb65-xxsn-m3gv
17
vulnerability VCID-c2j7-ywhr-3ff3
18
vulnerability VCID-c5af-wpgt-dkep
19
vulnerability VCID-cbx2-f95n-kqgd
20
vulnerability VCID-cgzf-jppn-q7ff
21
vulnerability VCID-d7zd-p4g6-ryd1
22
vulnerability VCID-de3u-8wqt-uyc2
23
vulnerability VCID-dhdb-wakw-pufe
24
vulnerability VCID-drty-cbue-3kcv
25
vulnerability VCID-e11t-ywn5-v7gp
26
vulnerability VCID-f4vw-12f3-wfgb
27
vulnerability VCID-f5cg-bkw2-hqct
28
vulnerability VCID-f7yk-9pys-t7dr
29
vulnerability VCID-fvku-th2k-93d8
30
vulnerability VCID-gs48-295u-mqdt
31
vulnerability VCID-hed9-c39j-87g2
32
vulnerability VCID-j9qv-7wsq-mkf6
33
vulnerability VCID-jgxx-v2wj-zkfh
34
vulnerability VCID-jx3r-bxmm-hfaw
35
vulnerability VCID-jxr2-qjbz-17ha
36
vulnerability VCID-m9aa-5k15-dfap
37
vulnerability VCID-mapb-drtt-rbez
38
vulnerability VCID-mcrd-q5wz-d7dk
39
vulnerability VCID-mwu6-2hxd-efc2
40
vulnerability VCID-n6h3-gsty-sua2
41
vulnerability VCID-p7w5-8ynh-xuh4
42
vulnerability VCID-q7xb-xff7-77cf
43
vulnerability VCID-qn3n-hpd2-7baf
44
vulnerability VCID-qv8v-b5t4-jqb9
45
vulnerability VCID-t6ek-fzh4-mbdu
46
vulnerability VCID-tkcj-gar9-dbbh
47
vulnerability VCID-uaf3-v6zj-uuc3
48
vulnerability VCID-ud81-gjp6-s3ac
49
vulnerability VCID-ur7d-jx1z-kbet
50
vulnerability VCID-uxdh-6r6k-h7fr
51
vulnerability VCID-v6d4-h4sz-4yad
52
vulnerability VCID-wdud-ckq4-wqfa
53
vulnerability VCID-wzbf-bazj-4kgy
54
vulnerability VCID-xfwh-3838-j7ct
55
vulnerability VCID-xgwg-8q8s-cbfk
56
vulnerability VCID-y92e-mb7u-sueg
57
vulnerability VCID-yah4-88g3-37ak
58
vulnerability VCID-ycet-r6tz-yyhn
59
vulnerability VCID-zbp5-8ec3-gfe4
60
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.14
aliases CVE-2023-0323, GHSA-6vf6-g3pr-j83h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gs7u-m432-yqaw
56
url VCID-hed9-c39j-87g2
vulnerability_id VCID-hed9-c39j-87g2
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3820
reference_id
reference_type
scores
0
value 0.41187
scoring_system epss
scoring_elements 0.97459
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3820
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/
url https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq
4
reference_url https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/
url https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3820
reference_id CVE-2023-3820
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3820
6
reference_url https://github.com/advisories/GHSA-c9hw-557q-f8hq
reference_id GHSA-c9hw-557q-f8hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c9hw-557q-f8hq
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.4
purl pkg:composer/pimcore/pimcore@10.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4
aliases CVE-2023-3820, GHSA-c9hw-557q-f8hq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hed9-c39j-87g2
57
url VCID-hn1d-5fbq-cyc7
vulnerability_id VCID-hn1d-5fbq-cyc7
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0509
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0509
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597
3
reference_url https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0509
reference_id CVE-2022-0509
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0509
5
reference_url https://github.com/advisories/GHSA-cg3h-rc9q-g8v9
reference_id GHSA-cg3h-rc9q-g8v9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg3h-rc9q-g8v9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
aliases CVE-2022-0509, GHSA-cg3h-rc9q-g8v9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hn1d-5fbq-cyc7
58
url VCID-hvgj-5hjn-cbhb
vulnerability_id VCID-hvgj-5hjn-cbhb
summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0257
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05926
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0257
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d
3
reference_url https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0257
reference_id CVE-2022-0257
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0257
5
reference_url https://github.com/advisories/GHSA-v567-q267-phpg
reference_id GHSA-v567-q267-phpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v567-q267-phpg
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.8
purl pkg:composer/pimcore/pimcore@10.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-j9qv-7wsq-mkf6
48
vulnerability VCID-jgxx-v2wj-zkfh
49
vulnerability VCID-jx3r-bxmm-hfaw
50
vulnerability VCID-jxr2-qjbz-17ha
51
vulnerability VCID-m756-fmwt-dfbf
52
vulnerability VCID-m9aa-5k15-dfap
53
vulnerability VCID-mapb-drtt-rbez
54
vulnerability VCID-mcrd-q5wz-d7dk
55
vulnerability VCID-mhz5-dnv5-6uas
56
vulnerability VCID-mwu6-2hxd-efc2
57
vulnerability VCID-n6h3-gsty-sua2
58
vulnerability VCID-p7w5-8ynh-xuh4
59
vulnerability VCID-paqt-sa9x-2qcm
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8
1
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2022-0257, GHSA-v567-q267-phpg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvgj-5hjn-cbhb
59
url VCID-j5pq-ekja-jffv
vulnerability_id VCID-j5pq-ekja-jffv
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0258
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09786
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0258
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd
3
reference_url https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0258
reference_id CVE-2022-0258
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0258
5
reference_url https://github.com/advisories/GHSA-vj9x-w7ch-f46p
reference_id GHSA-vj9x-w7ch-f46p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vj9x-w7ch-f46p
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.8
purl pkg:composer/pimcore/pimcore@10.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-j9qv-7wsq-mkf6
48
vulnerability VCID-jgxx-v2wj-zkfh
49
vulnerability VCID-jx3r-bxmm-hfaw
50
vulnerability VCID-jxr2-qjbz-17ha
51
vulnerability VCID-m756-fmwt-dfbf
52
vulnerability VCID-m9aa-5k15-dfap
53
vulnerability VCID-mapb-drtt-rbez
54
vulnerability VCID-mcrd-q5wz-d7dk
55
vulnerability VCID-mhz5-dnv5-6uas
56
vulnerability VCID-mwu6-2hxd-efc2
57
vulnerability VCID-n6h3-gsty-sua2
58
vulnerability VCID-p7w5-8ynh-xuh4
59
vulnerability VCID-paqt-sa9x-2qcm
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8
1
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2022-0258, GHSA-vj9x-w7ch-f46p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5pq-ekja-jffv
60
url VCID-j9qv-7wsq-mkf6
vulnerability_id VCID-j9qv-7wsq-mkf6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1701
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.04014
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1701
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/
url https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d
3
reference_url https://github.com/pimcore/pimcore/pull/14721.patch
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14721.patch
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r
5
reference_url https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/
url https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1701
reference_id CVE-2023-1701
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1701
7
reference_url https://github.com/advisories/GHSA-6mmf-qm37-pmgg
reference_id GHSA-6mmf-qm37-pmgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mmf-qm37-pmgg
8
reference_url https://github.com/advisories/GHSA-7r35-chv4-xr3r
reference_id GHSA-7r35-chv4-xr3r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r35-chv4-xr3r
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.20
purl pkg:composer/pimcore/pimcore@10.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-4dk6-cfer-t7b5
3
vulnerability VCID-5qj5-vh6d-7khq
4
vulnerability VCID-5tz5-h4wq-3qfy
5
vulnerability VCID-68hd-e927-4kcu
6
vulnerability VCID-6w41-7cfk-j7cn
7
vulnerability VCID-979q-g8dh-1fgw
8
vulnerability VCID-9ra4-dac9-7qba
9
vulnerability VCID-bb65-xxsn-m3gv
10
vulnerability VCID-c2j7-ywhr-3ff3
11
vulnerability VCID-c5af-wpgt-dkep
12
vulnerability VCID-cbx2-f95n-kqgd
13
vulnerability VCID-de3u-8wqt-uyc2
14
vulnerability VCID-dhdb-wakw-pufe
15
vulnerability VCID-drty-cbue-3kcv
16
vulnerability VCID-e11t-ywn5-v7gp
17
vulnerability VCID-f4vw-12f3-wfgb
18
vulnerability VCID-f5cg-bkw2-hqct
19
vulnerability VCID-hed9-c39j-87g2
20
vulnerability VCID-jgxx-v2wj-zkfh
21
vulnerability VCID-jxr2-qjbz-17ha
22
vulnerability VCID-m9aa-5k15-dfap
23
vulnerability VCID-mapb-drtt-rbez
24
vulnerability VCID-mcrd-q5wz-d7dk
25
vulnerability VCID-mwu6-2hxd-efc2
26
vulnerability VCID-n6h3-gsty-sua2
27
vulnerability VCID-q7xb-xff7-77cf
28
vulnerability VCID-uaf3-v6zj-uuc3
29
vulnerability VCID-uxdh-6r6k-h7fr
30
vulnerability VCID-v6d4-h4sz-4yad
31
vulnerability VCID-wzbf-bazj-4kgy
32
vulnerability VCID-xfwh-3838-j7ct
33
vulnerability VCID-xgwg-8q8s-cbfk
34
vulnerability VCID-y92e-mb7u-sueg
35
vulnerability VCID-zbp5-8ec3-gfe4
36
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1701, GHSA-6mmf-qm37-pmgg, GHSA-7r35-chv4-xr3r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9qv-7wsq-mkf6
61
url VCID-jgxx-v2wj-zkfh
vulnerability_id VCID-jgxx-v2wj-zkfh
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2338
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.19701
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2338
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/
url https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520
3
reference_url https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/
url https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2338
reference_id CVE-2023-2338
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2338
5
reference_url https://github.com/advisories/GHSA-4x35-vr82-xvj6
reference_id GHSA-4x35-vr82-xvj6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4x35-vr82-xvj6
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6
reference_id GHSA-4x35-vr82-xvj6
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2338, GHSA-4x35-vr82-xvj6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgxx-v2wj-zkfh
62
url VCID-jx3r-bxmm-hfaw
vulnerability_id VCID-jx3r-bxmm-hfaw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1115
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02924
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1115
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/
url https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3
3
reference_url https://github.com/pimcore/pimcore/pull/14500.patch
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14500.patch
4
reference_url https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/
url https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1115
reference_id CVE-2023-1115
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1115
6
reference_url https://github.com/advisories/GHSA-97cp-8873-v2gf
reference_id GHSA-97cp-8873-v2gf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97cp-8873-v2gf
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf
reference_id GHSA-97cp-8873-v2gf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.18
purl pkg:composer/pimcore/pimcore@10.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-5qj5-vh6d-7khq
7
vulnerability VCID-5tz5-h4wq-3qfy
8
vulnerability VCID-68hd-e927-4kcu
9
vulnerability VCID-6w41-7cfk-j7cn
10
vulnerability VCID-81mh-qb4b-n7a8
11
vulnerability VCID-93rb-sj45-w3fh
12
vulnerability VCID-979q-g8dh-1fgw
13
vulnerability VCID-9ra4-dac9-7qba
14
vulnerability VCID-bb65-xxsn-m3gv
15
vulnerability VCID-c2j7-ywhr-3ff3
16
vulnerability VCID-c5af-wpgt-dkep
17
vulnerability VCID-cbx2-f95n-kqgd
18
vulnerability VCID-cgzf-jppn-q7ff
19
vulnerability VCID-d7zd-p4g6-ryd1
20
vulnerability VCID-de3u-8wqt-uyc2
21
vulnerability VCID-dhdb-wakw-pufe
22
vulnerability VCID-drty-cbue-3kcv
23
vulnerability VCID-e11t-ywn5-v7gp
24
vulnerability VCID-f4vw-12f3-wfgb
25
vulnerability VCID-f5cg-bkw2-hqct
26
vulnerability VCID-f7yk-9pys-t7dr
27
vulnerability VCID-gs48-295u-mqdt
28
vulnerability VCID-hed9-c39j-87g2
29
vulnerability VCID-j9qv-7wsq-mkf6
30
vulnerability VCID-jgxx-v2wj-zkfh
31
vulnerability VCID-jxr2-qjbz-17ha
32
vulnerability VCID-m9aa-5k15-dfap
33
vulnerability VCID-mapb-drtt-rbez
34
vulnerability VCID-mcrd-q5wz-d7dk
35
vulnerability VCID-mwu6-2hxd-efc2
36
vulnerability VCID-n6h3-gsty-sua2
37
vulnerability VCID-p7w5-8ynh-xuh4
38
vulnerability VCID-q7xb-xff7-77cf
39
vulnerability VCID-qn3n-hpd2-7baf
40
vulnerability VCID-qv8v-b5t4-jqb9
41
vulnerability VCID-t6ek-fzh4-mbdu
42
vulnerability VCID-tkcj-gar9-dbbh
43
vulnerability VCID-uaf3-v6zj-uuc3
44
vulnerability VCID-uxdh-6r6k-h7fr
45
vulnerability VCID-v6d4-h4sz-4yad
46
vulnerability VCID-wdud-ckq4-wqfa
47
vulnerability VCID-wzbf-bazj-4kgy
48
vulnerability VCID-xfwh-3838-j7ct
49
vulnerability VCID-xgwg-8q8s-cbfk
50
vulnerability VCID-y92e-mb7u-sueg
51
vulnerability VCID-ycet-r6tz-yyhn
52
vulnerability VCID-zbp5-8ec3-gfe4
53
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1115, GHSA-97cp-8873-v2gf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jx3r-bxmm-hfaw
63
url VCID-jxr2-qjbz-17ha
vulnerability_id VCID-jxr2-qjbz-17ha
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2361
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01589
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2361
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/
url https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a
3
reference_url https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/
url https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2361
reference_id CVE-2023-2361
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2361
5
reference_url https://github.com/advisories/GHSA-9xg6-75mh-7x3f
reference_id GHSA-9xg6-75mh-7x3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xg6-75mh-7x3f
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f
reference_id GHSA-9xg6-75mh-7x3f
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2361, GHSA-9xg6-75mh-7x3f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxr2-qjbz-17ha
64
url VCID-m455-2tct-dugb
vulnerability_id VCID-m455-2tct-dugb
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16317
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01505
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16317
1
reference_url https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9
2
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16317
reference_id CVE-2019-16317
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16317
fixed_packages
0
url pkg:composer/pimcore/pimcore@5.7.1
purl pkg:composer/pimcore/pimcore@5.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6ph4-dkvv-eybx
18
vulnerability VCID-6w41-7cfk-j7cn
19
vulnerability VCID-7w3s-bvdz-bfht
20
vulnerability VCID-81mh-qb4b-n7a8
21
vulnerability VCID-84sb-282p-abb6
22
vulnerability VCID-8t1x-kdp9-jkag
23
vulnerability VCID-93rb-sj45-w3fh
24
vulnerability VCID-979q-g8dh-1fgw
25
vulnerability VCID-97te-6pwk-bbb4
26
vulnerability VCID-9m1k-bypd-zber
27
vulnerability VCID-9ra4-dac9-7qba
28
vulnerability VCID-a9e8-ky44-s3gc
29
vulnerability VCID-bb65-xxsn-m3gv
30
vulnerability VCID-bexg-r2xt-6ycy
31
vulnerability VCID-bz3s-p33z-kqf2
32
vulnerability VCID-c2j7-ywhr-3ff3
33
vulnerability VCID-c5af-wpgt-dkep
34
vulnerability VCID-cbx2-f95n-kqgd
35
vulnerability VCID-cgzf-jppn-q7ff
36
vulnerability VCID-d7zd-p4g6-ryd1
37
vulnerability VCID-de3u-8wqt-uyc2
38
vulnerability VCID-dhdb-wakw-pufe
39
vulnerability VCID-dr21-xtsw-f3b8
40
vulnerability VCID-drty-cbue-3kcv
41
vulnerability VCID-e11t-ywn5-v7gp
42
vulnerability VCID-f4vw-12f3-wfgb
43
vulnerability VCID-f5cg-bkw2-hqct
44
vulnerability VCID-f7yk-9pys-t7dr
45
vulnerability VCID-f92t-4uw8-67hh
46
vulnerability VCID-fb1z-259v-g7hp
47
vulnerability VCID-fhsn-akes-rqey
48
vulnerability VCID-fnz2-pbtj-43ak
49
vulnerability VCID-fpuf-6uyn-hydv
50
vulnerability VCID-fvku-th2k-93d8
51
vulnerability VCID-gda3-s5cp-w7d4
52
vulnerability VCID-ggje-p3cm-fyhe
53
vulnerability VCID-gs48-295u-mqdt
54
vulnerability VCID-gs7u-m432-yqaw
55
vulnerability VCID-hed9-c39j-87g2
56
vulnerability VCID-hn1d-5fbq-cyc7
57
vulnerability VCID-hvgj-5hjn-cbhb
58
vulnerability VCID-j5pq-ekja-jffv
59
vulnerability VCID-j9qv-7wsq-mkf6
60
vulnerability VCID-jgxx-v2wj-zkfh
61
vulnerability VCID-jx3r-bxmm-hfaw
62
vulnerability VCID-jxr2-qjbz-17ha
63
vulnerability VCID-m756-fmwt-dfbf
64
vulnerability VCID-m9aa-5k15-dfap
65
vulnerability VCID-mapb-drtt-rbez
66
vulnerability VCID-mcrd-q5wz-d7dk
67
vulnerability VCID-mhz5-dnv5-6uas
68
vulnerability VCID-mwu6-2hxd-efc2
69
vulnerability VCID-n6h3-gsty-sua2
70
vulnerability VCID-p7w5-8ynh-xuh4
71
vulnerability VCID-paqt-sa9x-2qcm
72
vulnerability VCID-pnn8-zfvf-wqcf
73
vulnerability VCID-px53-r47y-tbds
74
vulnerability VCID-q7xb-xff7-77cf
75
vulnerability VCID-qbz4-eznm-e3hw
76
vulnerability VCID-qn3n-hpd2-7baf
77
vulnerability VCID-qv8v-b5t4-jqb9
78
vulnerability VCID-r34d-uefq-skam
79
vulnerability VCID-sbqb-c913-rqhb
80
vulnerability VCID-sccv-pzyk-cka7
81
vulnerability VCID-smn4-dvb2-u7hb
82
vulnerability VCID-t6ek-fzh4-mbdu
83
vulnerability VCID-tkcj-gar9-dbbh
84
vulnerability VCID-tpk1-5fw2-pfgc
85
vulnerability VCID-trf7-n9zr-bubx
86
vulnerability VCID-tzjt-fdqe-s7ct
87
vulnerability VCID-uaf3-v6zj-uuc3
88
vulnerability VCID-ud81-gjp6-s3ac
89
vulnerability VCID-ur7d-jx1z-kbet
90
vulnerability VCID-uukc-b952-zbgk
91
vulnerability VCID-uxdh-6r6k-h7fr
92
vulnerability VCID-v6d4-h4sz-4yad
93
vulnerability VCID-v9ts-sd7r-gff2
94
vulnerability VCID-w7q9-zspa-pfb7
95
vulnerability VCID-wdud-ckq4-wqfa
96
vulnerability VCID-wura-bb97-rbg7
97
vulnerability VCID-wzbf-bazj-4kgy
98
vulnerability VCID-x7pr-fcen-r7d5
99
vulnerability VCID-xa87-8qgt-t7az
100
vulnerability VCID-xfwh-3838-j7ct
101
vulnerability VCID-xgwg-8q8s-cbfk
102
vulnerability VCID-y92e-mb7u-sueg
103
vulnerability VCID-yah4-88g3-37ak
104
vulnerability VCID-ycet-r6tz-yyhn
105
vulnerability VCID-ypfe-fdqf-cfcn
106
vulnerability VCID-zbp5-8ec3-gfe4
107
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1
aliases CVE-2019-16317, GHSA-352x-hc2f-fwff
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m455-2tct-dugb
65
url VCID-m756-fmwt-dfbf
vulnerability_id VCID-m756-fmwt-dfbf
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1339
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15701
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1339
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c
3
reference_url https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1339
reference_id CVE-2022-1339
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1339
5
reference_url https://github.com/advisories/GHSA-mj2c-5mjv-gmmj
reference_id GHSA-mj2c-5mjv-gmmj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mj2c-5mjv-gmmj
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.5
purl pkg:composer/pimcore/pimcore@10.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-bz3s-p33z-kqf2
21
vulnerability VCID-c2j7-ywhr-3ff3
22
vulnerability VCID-c5af-wpgt-dkep
23
vulnerability VCID-cbx2-f95n-kqgd
24
vulnerability VCID-cgzf-jppn-q7ff
25
vulnerability VCID-d7zd-p4g6-ryd1
26
vulnerability VCID-de3u-8wqt-uyc2
27
vulnerability VCID-dhdb-wakw-pufe
28
vulnerability VCID-drty-cbue-3kcv
29
vulnerability VCID-e11t-ywn5-v7gp
30
vulnerability VCID-f4vw-12f3-wfgb
31
vulnerability VCID-f5cg-bkw2-hqct
32
vulnerability VCID-f7yk-9pys-t7dr
33
vulnerability VCID-fvku-th2k-93d8
34
vulnerability VCID-gda3-s5cp-w7d4
35
vulnerability VCID-gs48-295u-mqdt
36
vulnerability VCID-gs7u-m432-yqaw
37
vulnerability VCID-hed9-c39j-87g2
38
vulnerability VCID-j9qv-7wsq-mkf6
39
vulnerability VCID-jgxx-v2wj-zkfh
40
vulnerability VCID-jx3r-bxmm-hfaw
41
vulnerability VCID-jxr2-qjbz-17ha
42
vulnerability VCID-m9aa-5k15-dfap
43
vulnerability VCID-mapb-drtt-rbez
44
vulnerability VCID-mcrd-q5wz-d7dk
45
vulnerability VCID-mhz5-dnv5-6uas
46
vulnerability VCID-mwu6-2hxd-efc2
47
vulnerability VCID-n6h3-gsty-sua2
48
vulnerability VCID-p7w5-8ynh-xuh4
49
vulnerability VCID-q7xb-xff7-77cf
50
vulnerability VCID-qn3n-hpd2-7baf
51
vulnerability VCID-qv8v-b5t4-jqb9
52
vulnerability VCID-t6ek-fzh4-mbdu
53
vulnerability VCID-tkcj-gar9-dbbh
54
vulnerability VCID-uaf3-v6zj-uuc3
55
vulnerability VCID-ud81-gjp6-s3ac
56
vulnerability VCID-ur7d-jx1z-kbet
57
vulnerability VCID-uxdh-6r6k-h7fr
58
vulnerability VCID-v6d4-h4sz-4yad
59
vulnerability VCID-wdud-ckq4-wqfa
60
vulnerability VCID-wzbf-bazj-4kgy
61
vulnerability VCID-xfwh-3838-j7ct
62
vulnerability VCID-xgwg-8q8s-cbfk
63
vulnerability VCID-y92e-mb7u-sueg
64
vulnerability VCID-yah4-88g3-37ak
65
vulnerability VCID-ycet-r6tz-yyhn
66
vulnerability VCID-zbp5-8ec3-gfe4
67
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5
aliases CVE-2022-1339, GHSA-mj2c-5mjv-gmmj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m756-fmwt-dfbf
66
url VCID-m9aa-5k15-dfap
vulnerability_id VCID-m9aa-5k15-dfap
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30848
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01556
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30848
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
3
reference_url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch
4
reference_url https://github.com/pimcore/pimcore/pull/14972
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14972
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30848
reference_id CVE-2023-30848
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30848
6
reference_url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
reference_id GHSA-6mhm-gcpf-5gr8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8
reference_id GHSA-6mhm-gcpf-5gr8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-30848, GHSA-6mhm-gcpf-5gr8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9aa-5k15-dfap
67
url VCID-mapb-drtt-rbez
vulnerability_id VCID-mapb-drtt-rbez
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30850
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20188
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30850
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38
3
reference_url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/
url https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
4
reference_url https://github.com/pimcore/pimcore/pull/14952
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/
url https://github.com/pimcore/pimcore/pull/14952
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30850
reference_id CVE-2023-30850
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30850
6
reference_url https://github.com/advisories/GHSA-jwg4-qcgv-5wg6
reference_id GHSA-jwg4-qcgv-5wg6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwg4-qcgv-5wg6
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
reference_id GHSA-jwg4-qcgv-5wg6
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-30850, GHSA-jwg4-qcgv-5wg6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mapb-drtt-rbez
68
url VCID-mcrd-q5wz-d7dk
vulnerability_id VCID-mcrd-q5wz-d7dk
summary Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3819
reference_id
reference_type
scores
0
value 2e-05
scoring_system epss
scoring_elements 0.00062
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3819
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/
url https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q
4
reference_url https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/
url https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3819
reference_id CVE-2023-3819
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3819
6
reference_url https://github.com/advisories/GHSA-r87r-982q-2c3q
reference_id GHSA-r87r-982q-2c3q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r87r-982q-2c3q
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.4
purl pkg:composer/pimcore/pimcore@10.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4
aliases CVE-2023-3819, GHSA-r87r-982q-2c3q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcrd-q5wz-d7dk
69
url VCID-mhz5-dnv5-6uas
vulnerability_id VCID-mhz5-dnv5-6uas
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3255
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01472
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3255
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/
url https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b
3
reference_url https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/
url https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3255
reference_id CVE-2022-3255
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3255
5
reference_url https://github.com/advisories/GHSA-wqr6-57qm-hhr5
reference_id GHSA-wqr6-57qm-hhr5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqr6-57qm-hhr5
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.7
purl pkg:composer/pimcore/pimcore@10.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-84sb-282p-abb6
13
vulnerability VCID-93rb-sj45-w3fh
14
vulnerability VCID-979q-g8dh-1fgw
15
vulnerability VCID-9m1k-bypd-zber
16
vulnerability VCID-9ra4-dac9-7qba
17
vulnerability VCID-bb65-xxsn-m3gv
18
vulnerability VCID-c2j7-ywhr-3ff3
19
vulnerability VCID-c5af-wpgt-dkep
20
vulnerability VCID-cbx2-f95n-kqgd
21
vulnerability VCID-cgzf-jppn-q7ff
22
vulnerability VCID-d7zd-p4g6-ryd1
23
vulnerability VCID-de3u-8wqt-uyc2
24
vulnerability VCID-dhdb-wakw-pufe
25
vulnerability VCID-drty-cbue-3kcv
26
vulnerability VCID-e11t-ywn5-v7gp
27
vulnerability VCID-f4vw-12f3-wfgb
28
vulnerability VCID-f5cg-bkw2-hqct
29
vulnerability VCID-f7yk-9pys-t7dr
30
vulnerability VCID-fvku-th2k-93d8
31
vulnerability VCID-gs48-295u-mqdt
32
vulnerability VCID-gs7u-m432-yqaw
33
vulnerability VCID-hed9-c39j-87g2
34
vulnerability VCID-j9qv-7wsq-mkf6
35
vulnerability VCID-jgxx-v2wj-zkfh
36
vulnerability VCID-jx3r-bxmm-hfaw
37
vulnerability VCID-jxr2-qjbz-17ha
38
vulnerability VCID-m9aa-5k15-dfap
39
vulnerability VCID-mapb-drtt-rbez
40
vulnerability VCID-mcrd-q5wz-d7dk
41
vulnerability VCID-mwu6-2hxd-efc2
42
vulnerability VCID-n6h3-gsty-sua2
43
vulnerability VCID-p7w5-8ynh-xuh4
44
vulnerability VCID-q7xb-xff7-77cf
45
vulnerability VCID-qn3n-hpd2-7baf
46
vulnerability VCID-qv8v-b5t4-jqb9
47
vulnerability VCID-t6ek-fzh4-mbdu
48
vulnerability VCID-tkcj-gar9-dbbh
49
vulnerability VCID-uaf3-v6zj-uuc3
50
vulnerability VCID-ud81-gjp6-s3ac
51
vulnerability VCID-ur7d-jx1z-kbet
52
vulnerability VCID-uxdh-6r6k-h7fr
53
vulnerability VCID-v6d4-h4sz-4yad
54
vulnerability VCID-wdud-ckq4-wqfa
55
vulnerability VCID-wzbf-bazj-4kgy
56
vulnerability VCID-xfwh-3838-j7ct
57
vulnerability VCID-xgwg-8q8s-cbfk
58
vulnerability VCID-y92e-mb7u-sueg
59
vulnerability VCID-yah4-88g3-37ak
60
vulnerability VCID-ycet-r6tz-yyhn
61
vulnerability VCID-zbp5-8ec3-gfe4
62
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.7
aliases CVE-2022-3255, GHSA-wqr6-57qm-hhr5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhz5-dnv5-6uas
70
url VCID-mwu6-2hxd-efc2
vulnerability_id VCID-mwu6-2hxd-efc2
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30852
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01133
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30852
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/
url https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch
3
reference_url https://github.com/pimcore/pimcore/pull/14959
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/
url https://github.com/pimcore/pimcore/pull/14959
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30852
reference_id CVE-2023-30852
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30852
5
reference_url https://github.com/advisories/GHSA-j5c3-r84f-9596
reference_id GHSA-j5c3-r84f-9596
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5c3-r84f-9596
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596
reference_id GHSA-j5c3-r84f-9596
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-30852, GHSA-j5c3-r84f-9596
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwu6-2hxd-efc2
71
url VCID-n6h3-gsty-sua2
vulnerability_id VCID-n6h3-gsty-sua2
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30849
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20188
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30849
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1
3
reference_url https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/
url https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch
4
reference_url https://github.com/pimcore/pimcore/pull/14968
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/
url https://github.com/pimcore/pimcore/pull/14968
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30849
reference_id CVE-2023-30849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30849
6
reference_url https://github.com/advisories/GHSA-xmg8-w465-mr56
reference_id GHSA-xmg8-w465-mr56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmg8-w465-mr56
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56
reference_id GHSA-xmg8-w465-mr56
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-30849, GHSA-xmg8-w465-mr56
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6h3-gsty-sua2
72
url VCID-p7w5-8ynh-xuh4
vulnerability_id VCID-p7w5-8ynh-xuh4
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1578
reference_id
reference_type
scores
0
value 0.03609
scoring_system epss
scoring_elements 0.87982
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1578
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/
url https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2
3
reference_url https://github.com/pimcore/pimcore/pull/14538
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14538
4
reference_url https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/
url https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e
5
reference_url https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/
reference_id
reference_type
scores
url https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1578
reference_id CVE-2023-1578
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1578
7
reference_url https://github.com/advisories/GHSA-42c3-wvww-gcqj
reference_id GHSA-42c3-wvww-gcqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42c3-wvww-gcqj
8
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj
reference_id GHSA-42c3-wvww-gcqj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-1578, GHSA-42c3-wvww-gcqj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7w5-8ynh-xuh4
73
url VCID-paqt-sa9x-2qcm
vulnerability_id VCID-paqt-sa9x-2qcm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0832
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43192
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0832
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878
3
reference_url https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0832
reference_id CVE-2022-0832
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0832
5
reference_url https://github.com/advisories/GHSA-6qcc-whgp-pjj2
reference_id GHSA-6qcc-whgp-pjj2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qcc-whgp-pjj2
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.3
purl pkg:composer/pimcore/pimcore@10.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-354d-zv99-73g6
4
vulnerability VCID-3et6-gmgj-h7bn
5
vulnerability VCID-3ref-crmy-eucd
6
vulnerability VCID-3xpj-x3xh-7ub9
7
vulnerability VCID-4dk6-cfer-t7b5
8
vulnerability VCID-4p8y-eknc-zfgn
9
vulnerability VCID-5qj5-vh6d-7khq
10
vulnerability VCID-5tz5-h4wq-3qfy
11
vulnerability VCID-68hd-e927-4kcu
12
vulnerability VCID-6w41-7cfk-j7cn
13
vulnerability VCID-7w3s-bvdz-bfht
14
vulnerability VCID-81mh-qb4b-n7a8
15
vulnerability VCID-84sb-282p-abb6
16
vulnerability VCID-8t1x-kdp9-jkag
17
vulnerability VCID-93rb-sj45-w3fh
18
vulnerability VCID-979q-g8dh-1fgw
19
vulnerability VCID-9m1k-bypd-zber
20
vulnerability VCID-9ra4-dac9-7qba
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fhsn-akes-rqey
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-q7xb-xff7-77cf
54
vulnerability VCID-qn3n-hpd2-7baf
55
vulnerability VCID-qv8v-b5t4-jqb9
56
vulnerability VCID-t6ek-fzh4-mbdu
57
vulnerability VCID-tkcj-gar9-dbbh
58
vulnerability VCID-uaf3-v6zj-uuc3
59
vulnerability VCID-ud81-gjp6-s3ac
60
vulnerability VCID-ur7d-jx1z-kbet
61
vulnerability VCID-uxdh-6r6k-h7fr
62
vulnerability VCID-v6d4-h4sz-4yad
63
vulnerability VCID-v9ts-sd7r-gff2
64
vulnerability VCID-wdud-ckq4-wqfa
65
vulnerability VCID-wzbf-bazj-4kgy
66
vulnerability VCID-xfwh-3838-j7ct
67
vulnerability VCID-xgwg-8q8s-cbfk
68
vulnerability VCID-y92e-mb7u-sueg
69
vulnerability VCID-yah4-88g3-37ak
70
vulnerability VCID-ycet-r6tz-yyhn
71
vulnerability VCID-zbp5-8ec3-gfe4
72
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3
aliases CVE-2022-0832, GHSA-6qcc-whgp-pjj2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-paqt-sa9x-2qcm
74
url VCID-pnn8-zfvf-wqcf
vulnerability_id VCID-pnn8-zfvf-wqcf
summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0256
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01718
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0256
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7
3
reference_url https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0256
reference_id CVE-2022-0256
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0256
5
reference_url https://github.com/advisories/GHSA-57hg-26h7-9qgv
reference_id GHSA-57hg-26h7-9qgv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57hg-26h7-9qgv
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.8
purl pkg:composer/pimcore/pimcore@10.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-j9qv-7wsq-mkf6
48
vulnerability VCID-jgxx-v2wj-zkfh
49
vulnerability VCID-jx3r-bxmm-hfaw
50
vulnerability VCID-jxr2-qjbz-17ha
51
vulnerability VCID-m756-fmwt-dfbf
52
vulnerability VCID-m9aa-5k15-dfap
53
vulnerability VCID-mapb-drtt-rbez
54
vulnerability VCID-mcrd-q5wz-d7dk
55
vulnerability VCID-mhz5-dnv5-6uas
56
vulnerability VCID-mwu6-2hxd-efc2
57
vulnerability VCID-n6h3-gsty-sua2
58
vulnerability VCID-p7w5-8ynh-xuh4
59
vulnerability VCID-paqt-sa9x-2qcm
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8
1
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2022-0256, GHSA-57hg-26h7-9qgv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnn8-zfvf-wqcf
75
url VCID-px53-r47y-tbds
vulnerability_id VCID-px53-r47y-tbds
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A stored Cross-site Scripting (XSS) vulnrability was found in pimcore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0348
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08356
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0348
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a
3
reference_url https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0348
reference_id CVE-2022-0348
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0348
5
reference_url https://github.com/advisories/GHSA-8x44-pwr2-rgc6
reference_id GHSA-8x44-pwr2-rgc6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8x44-pwr2-rgc6
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.0
purl pkg:composer/pimcore/pimcore@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-354d-zv99-73g6
7
vulnerability VCID-3et6-gmgj-h7bn
8
vulnerability VCID-3ref-crmy-eucd
9
vulnerability VCID-3xpj-x3xh-7ub9
10
vulnerability VCID-4dk6-cfer-t7b5
11
vulnerability VCID-4p8y-eknc-zfgn
12
vulnerability VCID-5qj5-vh6d-7khq
13
vulnerability VCID-5tz5-h4wq-3qfy
14
vulnerability VCID-68hd-e927-4kcu
15
vulnerability VCID-6w41-7cfk-j7cn
16
vulnerability VCID-7w3s-bvdz-bfht
17
vulnerability VCID-81mh-qb4b-n7a8
18
vulnerability VCID-84sb-282p-abb6
19
vulnerability VCID-8t1x-kdp9-jkag
20
vulnerability VCID-93rb-sj45-w3fh
21
vulnerability VCID-979q-g8dh-1fgw
22
vulnerability VCID-97te-6pwk-bbb4
23
vulnerability VCID-9m1k-bypd-zber
24
vulnerability VCID-9ra4-dac9-7qba
25
vulnerability VCID-a9e8-ky44-s3gc
26
vulnerability VCID-bb65-xxsn-m3gv
27
vulnerability VCID-bz3s-p33z-kqf2
28
vulnerability VCID-c2j7-ywhr-3ff3
29
vulnerability VCID-c5af-wpgt-dkep
30
vulnerability VCID-cbx2-f95n-kqgd
31
vulnerability VCID-cgzf-jppn-q7ff
32
vulnerability VCID-d7zd-p4g6-ryd1
33
vulnerability VCID-de3u-8wqt-uyc2
34
vulnerability VCID-dhdb-wakw-pufe
35
vulnerability VCID-drty-cbue-3kcv
36
vulnerability VCID-e11t-ywn5-v7gp
37
vulnerability VCID-f4vw-12f3-wfgb
38
vulnerability VCID-f5cg-bkw2-hqct
39
vulnerability VCID-f7yk-9pys-t7dr
40
vulnerability VCID-fhsn-akes-rqey
41
vulnerability VCID-fnz2-pbtj-43ak
42
vulnerability VCID-fpuf-6uyn-hydv
43
vulnerability VCID-fvku-th2k-93d8
44
vulnerability VCID-gda3-s5cp-w7d4
45
vulnerability VCID-ggje-p3cm-fyhe
46
vulnerability VCID-gs48-295u-mqdt
47
vulnerability VCID-gs7u-m432-yqaw
48
vulnerability VCID-hed9-c39j-87g2
49
vulnerability VCID-hn1d-5fbq-cyc7
50
vulnerability VCID-hvgj-5hjn-cbhb
51
vulnerability VCID-j5pq-ekja-jffv
52
vulnerability VCID-j9qv-7wsq-mkf6
53
vulnerability VCID-jgxx-v2wj-zkfh
54
vulnerability VCID-jx3r-bxmm-hfaw
55
vulnerability VCID-jxr2-qjbz-17ha
56
vulnerability VCID-m756-fmwt-dfbf
57
vulnerability VCID-m9aa-5k15-dfap
58
vulnerability VCID-mapb-drtt-rbez
59
vulnerability VCID-mcrd-q5wz-d7dk
60
vulnerability VCID-mhz5-dnv5-6uas
61
vulnerability VCID-mwu6-2hxd-efc2
62
vulnerability VCID-n6h3-gsty-sua2
63
vulnerability VCID-p7w5-8ynh-xuh4
64
vulnerability VCID-paqt-sa9x-2qcm
65
vulnerability VCID-pnn8-zfvf-wqcf
66
vulnerability VCID-q7xb-xff7-77cf
67
vulnerability VCID-qbz4-eznm-e3hw
68
vulnerability VCID-qn3n-hpd2-7baf
69
vulnerability VCID-qv8v-b5t4-jqb9
70
vulnerability VCID-sbqb-c913-rqhb
71
vulnerability VCID-smn4-dvb2-u7hb
72
vulnerability VCID-t6ek-fzh4-mbdu
73
vulnerability VCID-tkcj-gar9-dbbh
74
vulnerability VCID-trf7-n9zr-bubx
75
vulnerability VCID-uaf3-v6zj-uuc3
76
vulnerability VCID-ud81-gjp6-s3ac
77
vulnerability VCID-ur7d-jx1z-kbet
78
vulnerability VCID-uukc-b952-zbgk
79
vulnerability VCID-uxdh-6r6k-h7fr
80
vulnerability VCID-v6d4-h4sz-4yad
81
vulnerability VCID-v9ts-sd7r-gff2
82
vulnerability VCID-w7q9-zspa-pfb7
83
vulnerability VCID-wdud-ckq4-wqfa
84
vulnerability VCID-wzbf-bazj-4kgy
85
vulnerability VCID-x7pr-fcen-r7d5
86
vulnerability VCID-xa87-8qgt-t7az
87
vulnerability VCID-xfwh-3838-j7ct
88
vulnerability VCID-xgwg-8q8s-cbfk
89
vulnerability VCID-y92e-mb7u-sueg
90
vulnerability VCID-yah4-88g3-37ak
91
vulnerability VCID-ycet-r6tz-yyhn
92
vulnerability VCID-zbp5-8ec3-gfe4
93
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0
1
url pkg:composer/pimcore/pimcore@10.2.10
purl pkg:composer/pimcore/pimcore@10.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-q7xb-xff7-77cf
60
vulnerability VCID-qbz4-eznm-e3hw
61
vulnerability VCID-qn3n-hpd2-7baf
62
vulnerability VCID-qv8v-b5t4-jqb9
63
vulnerability VCID-sbqb-c913-rqhb
64
vulnerability VCID-t6ek-fzh4-mbdu
65
vulnerability VCID-tkcj-gar9-dbbh
66
vulnerability VCID-uaf3-v6zj-uuc3
67
vulnerability VCID-ud81-gjp6-s3ac
68
vulnerability VCID-ur7d-jx1z-kbet
69
vulnerability VCID-uxdh-6r6k-h7fr
70
vulnerability VCID-v6d4-h4sz-4yad
71
vulnerability VCID-v9ts-sd7r-gff2
72
vulnerability VCID-wdud-ckq4-wqfa
73
vulnerability VCID-wzbf-bazj-4kgy
74
vulnerability VCID-xa87-8qgt-t7az
75
vulnerability VCID-xfwh-3838-j7ct
76
vulnerability VCID-xgwg-8q8s-cbfk
77
vulnerability VCID-y92e-mb7u-sueg
78
vulnerability VCID-yah4-88g3-37ak
79
vulnerability VCID-ycet-r6tz-yyhn
80
vulnerability VCID-zbp5-8ec3-gfe4
81
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10
aliases CVE-2022-0348, GHSA-8x44-pwr2-rgc6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px53-r47y-tbds
76
url VCID-q7xb-xff7-77cf
vulnerability_id VCID-q7xb-xff7-77cf
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3822
reference_id
reference_type
scores
0
value 0.1097
scoring_system epss
scoring_elements 0.9354
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3822
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/
url https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236
3
reference_url https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/
url https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3822
reference_id CVE-2023-3822
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3822
5
reference_url https://github.com/advisories/GHSA-vmpv-qjhq-r463
reference_id GHSA-vmpv-qjhq-r463
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmpv-qjhq-r463
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.4
purl pkg:composer/pimcore/pimcore@10.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4
aliases CVE-2023-3822, GHSA-vmpv-qjhq-r463
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7xb-xff7-77cf
77
url VCID-qbz4-eznm-e3hw
vulnerability_id VCID-qbz4-eznm-e3hw
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0665
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05755
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0665
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e
3
reference_url https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0665
reference_id CVE-2022-0665
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0665
5
reference_url https://github.com/advisories/GHSA-gjq4-69wj-p6pr
reference_id GHSA-gjq4-69wj-p6pr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjq4-69wj-p6pr
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.2
purl pkg:composer/pimcore/pimcore@10.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qn3n-hpd2-7baf
56
vulnerability VCID-qv8v-b5t4-jqb9
57
vulnerability VCID-t6ek-fzh4-mbdu
58
vulnerability VCID-tkcj-gar9-dbbh
59
vulnerability VCID-uaf3-v6zj-uuc3
60
vulnerability VCID-ud81-gjp6-s3ac
61
vulnerability VCID-ur7d-jx1z-kbet
62
vulnerability VCID-uxdh-6r6k-h7fr
63
vulnerability VCID-v6d4-h4sz-4yad
64
vulnerability VCID-wdud-ckq4-wqfa
65
vulnerability VCID-wzbf-bazj-4kgy
66
vulnerability VCID-xfwh-3838-j7ct
67
vulnerability VCID-xgwg-8q8s-cbfk
68
vulnerability VCID-y92e-mb7u-sueg
69
vulnerability VCID-yah4-88g3-37ak
70
vulnerability VCID-ycet-r6tz-yyhn
71
vulnerability VCID-zbp5-8ec3-gfe4
72
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.2
aliases CVE-2022-0665, GHSA-gjq4-69wj-p6pr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbz4-eznm-e3hw
78
url VCID-qn3n-hpd2-7baf
vulnerability_id VCID-qn3n-hpd2-7baf
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28438
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06824
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28438
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/
url https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch
3
reference_url https://github.com/pimcore/pimcore/pull/14526
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/
url https://github.com/pimcore/pimcore/pull/14526
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28438
reference_id CVE-2023-28438
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28438
5
reference_url https://github.com/advisories/GHSA-vf7q-g2pv-jxvx
reference_id GHSA-vf7q-g2pv-jxvx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf7q-g2pv-jxvx
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx
reference_id GHSA-vf7q-g2pv-jxvx
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-28438, GHSA-vf7q-g2pv-jxvx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qn3n-hpd2-7baf
79
url VCID-qv8v-b5t4-jqb9
vulnerability_id VCID-qv8v-b5t4-jqb9
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28106
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21598
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28106
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/
url https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2
3
reference_url https://github.com/pimcore/pimcore/pull/14669.patch
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/
url https://github.com/pimcore/pimcore/pull/14669.patch
4
reference_url https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/
url https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28106
reference_id CVE-2023-28106
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28106
6
reference_url https://github.com/advisories/GHSA-x5j3-mq9g-8jc8
reference_id GHSA-x5j3-mq9g-8jc8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5j3-mq9g-8jc8
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8
reference_id GHSA-x5j3-mq9g-8jc8
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-28106, GHSA-x5j3-mq9g-8jc8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv8v-b5t4-jqb9
80
url VCID-r34d-uefq-skam
vulnerability_id VCID-r34d-uefq-skam
summary 
Cross-site Scripting
Text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39166
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.0553
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39166
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/10170
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/10170
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39166
reference_id CVE-2021-39166
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39166
5
reference_url https://github.com/advisories/GHSA-w6j8-jc36-x5q9
reference_id GHSA-w6j8-jc36-x5q9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w6j8-jc36-x5q9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.1.2
purl pkg:composer/pimcore/pimcore@10.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-5qj5-vh6d-7khq
14
vulnerability VCID-5tz5-h4wq-3qfy
15
vulnerability VCID-68hd-e927-4kcu
16
vulnerability VCID-6w41-7cfk-j7cn
17
vulnerability VCID-7w3s-bvdz-bfht
18
vulnerability VCID-81mh-qb4b-n7a8
19
vulnerability VCID-84sb-282p-abb6
20
vulnerability VCID-8t1x-kdp9-jkag
21
vulnerability VCID-93rb-sj45-w3fh
22
vulnerability VCID-979q-g8dh-1fgw
23
vulnerability VCID-97te-6pwk-bbb4
24
vulnerability VCID-9m1k-bypd-zber
25
vulnerability VCID-9ra4-dac9-7qba
26
vulnerability VCID-a9e8-ky44-s3gc
27
vulnerability VCID-bb65-xxsn-m3gv
28
vulnerability VCID-bexg-r2xt-6ycy
29
vulnerability VCID-bz3s-p33z-kqf2
30
vulnerability VCID-c2j7-ywhr-3ff3
31
vulnerability VCID-c5af-wpgt-dkep
32
vulnerability VCID-cbx2-f95n-kqgd
33
vulnerability VCID-cgzf-jppn-q7ff
34
vulnerability VCID-d7zd-p4g6-ryd1
35
vulnerability VCID-de3u-8wqt-uyc2
36
vulnerability VCID-dhdb-wakw-pufe
37
vulnerability VCID-drty-cbue-3kcv
38
vulnerability VCID-e11t-ywn5-v7gp
39
vulnerability VCID-f4vw-12f3-wfgb
40
vulnerability VCID-f5cg-bkw2-hqct
41
vulnerability VCID-f7yk-9pys-t7dr
42
vulnerability VCID-fhsn-akes-rqey
43
vulnerability VCID-fnz2-pbtj-43ak
44
vulnerability VCID-fpuf-6uyn-hydv
45
vulnerability VCID-fvku-th2k-93d8
46
vulnerability VCID-gda3-s5cp-w7d4
47
vulnerability VCID-ggje-p3cm-fyhe
48
vulnerability VCID-gs48-295u-mqdt
49
vulnerability VCID-gs7u-m432-yqaw
50
vulnerability VCID-hed9-c39j-87g2
51
vulnerability VCID-hn1d-5fbq-cyc7
52
vulnerability VCID-hvgj-5hjn-cbhb
53
vulnerability VCID-j5pq-ekja-jffv
54
vulnerability VCID-j9qv-7wsq-mkf6
55
vulnerability VCID-jgxx-v2wj-zkfh
56
vulnerability VCID-jx3r-bxmm-hfaw
57
vulnerability VCID-jxr2-qjbz-17ha
58
vulnerability VCID-m756-fmwt-dfbf
59
vulnerability VCID-m9aa-5k15-dfap
60
vulnerability VCID-mapb-drtt-rbez
61
vulnerability VCID-mcrd-q5wz-d7dk
62
vulnerability VCID-mhz5-dnv5-6uas
63
vulnerability VCID-mwu6-2hxd-efc2
64
vulnerability VCID-n6h3-gsty-sua2
65
vulnerability VCID-p7w5-8ynh-xuh4
66
vulnerability VCID-paqt-sa9x-2qcm
67
vulnerability VCID-pnn8-zfvf-wqcf
68
vulnerability VCID-px53-r47y-tbds
69
vulnerability VCID-q7xb-xff7-77cf
70
vulnerability VCID-qbz4-eznm-e3hw
71
vulnerability VCID-qn3n-hpd2-7baf
72
vulnerability VCID-qv8v-b5t4-jqb9
73
vulnerability VCID-sbqb-c913-rqhb
74
vulnerability VCID-smn4-dvb2-u7hb
75
vulnerability VCID-t6ek-fzh4-mbdu
76
vulnerability VCID-tkcj-gar9-dbbh
77
vulnerability VCID-trf7-n9zr-bubx
78
vulnerability VCID-uaf3-v6zj-uuc3
79
vulnerability VCID-ud81-gjp6-s3ac
80
vulnerability VCID-ur7d-jx1z-kbet
81
vulnerability VCID-uukc-b952-zbgk
82
vulnerability VCID-uxdh-6r6k-h7fr
83
vulnerability VCID-v6d4-h4sz-4yad
84
vulnerability VCID-v9ts-sd7r-gff2
85
vulnerability VCID-w7q9-zspa-pfb7
86
vulnerability VCID-wdud-ckq4-wqfa
87
vulnerability VCID-wzbf-bazj-4kgy
88
vulnerability VCID-x7pr-fcen-r7d5
89
vulnerability VCID-xa87-8qgt-t7az
90
vulnerability VCID-xfwh-3838-j7ct
91
vulnerability VCID-xgwg-8q8s-cbfk
92
vulnerability VCID-y92e-mb7u-sueg
93
vulnerability VCID-yah4-88g3-37ak
94
vulnerability VCID-ycet-r6tz-yyhn
95
vulnerability VCID-zbp5-8ec3-gfe4
96
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2
aliases CVE-2021-39166, GHSA-w6j8-jc36-x5q9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r34d-uefq-skam
81
url VCID-sbqb-c913-rqhb
vulnerability_id VCID-sbqb-c913-rqhb
summary 
Cross-site Scripting in pimcore
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0565
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16879
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0565
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/
url https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245
3
reference_url https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/
url https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0565
reference_id CVE-2022-0565
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0565
5
reference_url https://github.com/advisories/GHSA-h9vc-2p9g-63gp
reference_id GHSA-h9vc-2p9g-63gp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9vc-2p9g-63gp
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
aliases CVE-2022-0565, GHSA-h9vc-2p9g-63gp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbqb-c913-rqhb
82
url VCID-sccv-pzyk-cka7
vulnerability_id VCID-sccv-pzyk-cka7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18981
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00882
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18981
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106
3
reference_url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18981
reference_id CVE-2019-18981
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18981
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.2.2
purl pkg:composer/pimcore/pimcore@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-dr21-xtsw-f3b8
39
vulnerability VCID-drty-cbue-3kcv
40
vulnerability VCID-e11t-ywn5-v7gp
41
vulnerability VCID-f4vw-12f3-wfgb
42
vulnerability VCID-f5cg-bkw2-hqct
43
vulnerability VCID-f7yk-9pys-t7dr
44
vulnerability VCID-f92t-4uw8-67hh
45
vulnerability VCID-fhsn-akes-rqey
46
vulnerability VCID-fnz2-pbtj-43ak
47
vulnerability VCID-fpuf-6uyn-hydv
48
vulnerability VCID-fvku-th2k-93d8
49
vulnerability VCID-gda3-s5cp-w7d4
50
vulnerability VCID-ggje-p3cm-fyhe
51
vulnerability VCID-gs48-295u-mqdt
52
vulnerability VCID-gs7u-m432-yqaw
53
vulnerability VCID-hed9-c39j-87g2
54
vulnerability VCID-hn1d-5fbq-cyc7
55
vulnerability VCID-hvgj-5hjn-cbhb
56
vulnerability VCID-j5pq-ekja-jffv
57
vulnerability VCID-j9qv-7wsq-mkf6
58
vulnerability VCID-jgxx-v2wj-zkfh
59
vulnerability VCID-jx3r-bxmm-hfaw
60
vulnerability VCID-jxr2-qjbz-17ha
61
vulnerability VCID-m756-fmwt-dfbf
62
vulnerability VCID-m9aa-5k15-dfap
63
vulnerability VCID-mapb-drtt-rbez
64
vulnerability VCID-mcrd-q5wz-d7dk
65
vulnerability VCID-mhz5-dnv5-6uas
66
vulnerability VCID-mwu6-2hxd-efc2
67
vulnerability VCID-n6h3-gsty-sua2
68
vulnerability VCID-p7w5-8ynh-xuh4
69
vulnerability VCID-paqt-sa9x-2qcm
70
vulnerability VCID-pnn8-zfvf-wqcf
71
vulnerability VCID-px53-r47y-tbds
72
vulnerability VCID-q7xb-xff7-77cf
73
vulnerability VCID-qbz4-eznm-e3hw
74
vulnerability VCID-qn3n-hpd2-7baf
75
vulnerability VCID-qv8v-b5t4-jqb9
76
vulnerability VCID-r34d-uefq-skam
77
vulnerability VCID-sbqb-c913-rqhb
78
vulnerability VCID-smn4-dvb2-u7hb
79
vulnerability VCID-t6ek-fzh4-mbdu
80
vulnerability VCID-tkcj-gar9-dbbh
81
vulnerability VCID-tpk1-5fw2-pfgc
82
vulnerability VCID-trf7-n9zr-bubx
83
vulnerability VCID-tzjt-fdqe-s7ct
84
vulnerability VCID-uaf3-v6zj-uuc3
85
vulnerability VCID-ud81-gjp6-s3ac
86
vulnerability VCID-uegk-91nv-8be9
87
vulnerability VCID-ur7d-jx1z-kbet
88
vulnerability VCID-uukc-b952-zbgk
89
vulnerability VCID-uxdh-6r6k-h7fr
90
vulnerability VCID-v6d4-h4sz-4yad
91
vulnerability VCID-v9ts-sd7r-gff2
92
vulnerability VCID-w7q9-zspa-pfb7
93
vulnerability VCID-wdud-ckq4-wqfa
94
vulnerability VCID-wura-bb97-rbg7
95
vulnerability VCID-wzbf-bazj-4kgy
96
vulnerability VCID-x7pr-fcen-r7d5
97
vulnerability VCID-xa87-8qgt-t7az
98
vulnerability VCID-xfwh-3838-j7ct
99
vulnerability VCID-xgwg-8q8s-cbfk
100
vulnerability VCID-y92e-mb7u-sueg
101
vulnerability VCID-yah4-88g3-37ak
102
vulnerability VCID-ycet-r6tz-yyhn
103
vulnerability VCID-ypfe-fdqf-cfcn
104
vulnerability VCID-zbp5-8ec3-gfe4
105
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2
aliases CVE-2019-18981, GHSA-jhcf-j4hg-v64r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sccv-pzyk-cka7
83
url VCID-smn4-dvb2-u7hb
vulnerability_id VCID-smn4-dvb2-u7hb
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0260
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08402
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0260
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f
reference_id
reference_type
scores
url https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f
3
reference_url https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109
4
reference_url https://github.com/pimcore/pimcore/pull/11205
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11205
5
reference_url https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0260
reference_id CVE-2022-0260
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0260
7
reference_url https://github.com/advisories/GHSA-455w-gv5p-wgg3
reference_id GHSA-455w-gv5p-wgg3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-455w-gv5p-wgg3
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.7
purl pkg:composer/pimcore/pimcore@10.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-hvgj-5hjn-cbhb
48
vulnerability VCID-j5pq-ekja-jffv
49
vulnerability VCID-j9qv-7wsq-mkf6
50
vulnerability VCID-jgxx-v2wj-zkfh
51
vulnerability VCID-jx3r-bxmm-hfaw
52
vulnerability VCID-jxr2-qjbz-17ha
53
vulnerability VCID-m756-fmwt-dfbf
54
vulnerability VCID-m9aa-5k15-dfap
55
vulnerability VCID-mapb-drtt-rbez
56
vulnerability VCID-mcrd-q5wz-d7dk
57
vulnerability VCID-mhz5-dnv5-6uas
58
vulnerability VCID-mwu6-2hxd-efc2
59
vulnerability VCID-n6h3-gsty-sua2
60
vulnerability VCID-p7w5-8ynh-xuh4
61
vulnerability VCID-paqt-sa9x-2qcm
62
vulnerability VCID-pnn8-zfvf-wqcf
63
vulnerability VCID-q7xb-xff7-77cf
64
vulnerability VCID-qbz4-eznm-e3hw
65
vulnerability VCID-qn3n-hpd2-7baf
66
vulnerability VCID-qv8v-b5t4-jqb9
67
vulnerability VCID-sbqb-c913-rqhb
68
vulnerability VCID-t6ek-fzh4-mbdu
69
vulnerability VCID-tkcj-gar9-dbbh
70
vulnerability VCID-uaf3-v6zj-uuc3
71
vulnerability VCID-ud81-gjp6-s3ac
72
vulnerability VCID-ur7d-jx1z-kbet
73
vulnerability VCID-uxdh-6r6k-h7fr
74
vulnerability VCID-v6d4-h4sz-4yad
75
vulnerability VCID-v9ts-sd7r-gff2
76
vulnerability VCID-wdud-ckq4-wqfa
77
vulnerability VCID-wzbf-bazj-4kgy
78
vulnerability VCID-xa87-8qgt-t7az
79
vulnerability VCID-xfwh-3838-j7ct
80
vulnerability VCID-xgwg-8q8s-cbfk
81
vulnerability VCID-y92e-mb7u-sueg
82
vulnerability VCID-yah4-88g3-37ak
83
vulnerability VCID-ycet-r6tz-yyhn
84
vulnerability VCID-zbp5-8ec3-gfe4
85
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7
1
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2022-0260, GHSA-455w-gv5p-wgg3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-smn4-dvb2-u7hb
84
url VCID-t6ek-fzh4-mbdu
vulnerability_id VCID-t6ek-fzh4-mbdu
summary 
Reflected XSS in Application Logger module
### Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

### Patches
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch

### Workarounds
Apply https://github.com/pimcore/pimcore/pull/14606.patch manually.

### References
https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/
references
0
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
1
reference_url https://github.com/pimcore/pimcore/pull/14606
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14606
2
reference_url https://github.com/pimcore/pimcore/pull/14606.patch
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14606.patch
3
reference_url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356
4
reference_url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/
reference_id
reference_type
scores
url https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1312
reference_id CVE-2023-1312
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1312
6
reference_url https://github.com/advisories/GHSA-2xpm-cmvw-3jcc
reference_id GHSA-2xpm-cmvw-3jcc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xpm-cmvw-3jcc
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc
reference_id GHSA-2xpm-cmvw-3jcc
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases GHSA-2xpm-cmvw-3jcc, GMS-2023-779
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6ek-fzh4-mbdu
85
url VCID-tkcj-gar9-dbbh
vulnerability_id VCID-tkcj-gar9-dbbh
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1704
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03625
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1704
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/
url https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0
3
reference_url https://github.com/pimcore/pimcore/pull/14732.patch
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14732.patch
4
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444
5
reference_url https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/
url https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1704
reference_id CVE-2023-1704
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1704
7
reference_url https://github.com/advisories/GHSA-hfmg-g39c-5444
reference_id GHSA-hfmg-g39c-5444
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hfmg-g39c-5444
8
reference_url https://github.com/advisories/GHSA-rp78-4562-gx3c
reference_id GHSA-rp78-4562-gx3c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rp78-4562-gx3c
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.20
purl pkg:composer/pimcore/pimcore@10.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-4dk6-cfer-t7b5
3
vulnerability VCID-5qj5-vh6d-7khq
4
vulnerability VCID-5tz5-h4wq-3qfy
5
vulnerability VCID-68hd-e927-4kcu
6
vulnerability VCID-6w41-7cfk-j7cn
7
vulnerability VCID-979q-g8dh-1fgw
8
vulnerability VCID-9ra4-dac9-7qba
9
vulnerability VCID-bb65-xxsn-m3gv
10
vulnerability VCID-c2j7-ywhr-3ff3
11
vulnerability VCID-c5af-wpgt-dkep
12
vulnerability VCID-cbx2-f95n-kqgd
13
vulnerability VCID-de3u-8wqt-uyc2
14
vulnerability VCID-dhdb-wakw-pufe
15
vulnerability VCID-drty-cbue-3kcv
16
vulnerability VCID-e11t-ywn5-v7gp
17
vulnerability VCID-f4vw-12f3-wfgb
18
vulnerability VCID-f5cg-bkw2-hqct
19
vulnerability VCID-hed9-c39j-87g2
20
vulnerability VCID-jgxx-v2wj-zkfh
21
vulnerability VCID-jxr2-qjbz-17ha
22
vulnerability VCID-m9aa-5k15-dfap
23
vulnerability VCID-mapb-drtt-rbez
24
vulnerability VCID-mcrd-q5wz-d7dk
25
vulnerability VCID-mwu6-2hxd-efc2
26
vulnerability VCID-n6h3-gsty-sua2
27
vulnerability VCID-q7xb-xff7-77cf
28
vulnerability VCID-uaf3-v6zj-uuc3
29
vulnerability VCID-uxdh-6r6k-h7fr
30
vulnerability VCID-v6d4-h4sz-4yad
31
vulnerability VCID-wzbf-bazj-4kgy
32
vulnerability VCID-xfwh-3838-j7ct
33
vulnerability VCID-xgwg-8q8s-cbfk
34
vulnerability VCID-y92e-mb7u-sueg
35
vulnerability VCID-zbp5-8ec3-gfe4
36
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1704, GHSA-hfmg-g39c-5444, GHSA-rp78-4562-gx3c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkcj-gar9-dbbh
86
url VCID-tpk1-5fw2-pfgc
vulnerability_id VCID-tpk1-5fw2-pfgc
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10763
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00725
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10763
1
reference_url https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3
2
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10763
reference_id CVE-2019-10763
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10763
4
reference_url https://github.com/advisories/GHSA-fpff-384j-vxq7
reference_id GHSA-fpff-384j-vxq7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpff-384j-vxq7
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.3.0
purl pkg:composer/pimcore/pimcore@6.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-dr21-xtsw-f3b8
39
vulnerability VCID-drty-cbue-3kcv
40
vulnerability VCID-e11t-ywn5-v7gp
41
vulnerability VCID-f4vw-12f3-wfgb
42
vulnerability VCID-f5cg-bkw2-hqct
43
vulnerability VCID-f7yk-9pys-t7dr
44
vulnerability VCID-f92t-4uw8-67hh
45
vulnerability VCID-fhsn-akes-rqey
46
vulnerability VCID-fnz2-pbtj-43ak
47
vulnerability VCID-fpuf-6uyn-hydv
48
vulnerability VCID-fvku-th2k-93d8
49
vulnerability VCID-gda3-s5cp-w7d4
50
vulnerability VCID-ggje-p3cm-fyhe
51
vulnerability VCID-gs48-295u-mqdt
52
vulnerability VCID-gs7u-m432-yqaw
53
vulnerability VCID-hed9-c39j-87g2
54
vulnerability VCID-hn1d-5fbq-cyc7
55
vulnerability VCID-hvgj-5hjn-cbhb
56
vulnerability VCID-j5pq-ekja-jffv
57
vulnerability VCID-j9qv-7wsq-mkf6
58
vulnerability VCID-jgxx-v2wj-zkfh
59
vulnerability VCID-jx3r-bxmm-hfaw
60
vulnerability VCID-jxr2-qjbz-17ha
61
vulnerability VCID-m756-fmwt-dfbf
62
vulnerability VCID-m9aa-5k15-dfap
63
vulnerability VCID-mapb-drtt-rbez
64
vulnerability VCID-mcrd-q5wz-d7dk
65
vulnerability VCID-mhz5-dnv5-6uas
66
vulnerability VCID-mwu6-2hxd-efc2
67
vulnerability VCID-n6h3-gsty-sua2
68
vulnerability VCID-p7w5-8ynh-xuh4
69
vulnerability VCID-paqt-sa9x-2qcm
70
vulnerability VCID-pnn8-zfvf-wqcf
71
vulnerability VCID-px53-r47y-tbds
72
vulnerability VCID-q7xb-xff7-77cf
73
vulnerability VCID-qbz4-eznm-e3hw
74
vulnerability VCID-qn3n-hpd2-7baf
75
vulnerability VCID-qv8v-b5t4-jqb9
76
vulnerability VCID-r34d-uefq-skam
77
vulnerability VCID-sbqb-c913-rqhb
78
vulnerability VCID-smn4-dvb2-u7hb
79
vulnerability VCID-t6ek-fzh4-mbdu
80
vulnerability VCID-tkcj-gar9-dbbh
81
vulnerability VCID-trf7-n9zr-bubx
82
vulnerability VCID-tzjt-fdqe-s7ct
83
vulnerability VCID-uaf3-v6zj-uuc3
84
vulnerability VCID-ud81-gjp6-s3ac
85
vulnerability VCID-ur7d-jx1z-kbet
86
vulnerability VCID-uukc-b952-zbgk
87
vulnerability VCID-uxdh-6r6k-h7fr
88
vulnerability VCID-v6d4-h4sz-4yad
89
vulnerability VCID-v9ts-sd7r-gff2
90
vulnerability VCID-w7q9-zspa-pfb7
91
vulnerability VCID-wdud-ckq4-wqfa
92
vulnerability VCID-wura-bb97-rbg7
93
vulnerability VCID-wzbf-bazj-4kgy
94
vulnerability VCID-x7pr-fcen-r7d5
95
vulnerability VCID-xa87-8qgt-t7az
96
vulnerability VCID-xfwh-3838-j7ct
97
vulnerability VCID-xgwg-8q8s-cbfk
98
vulnerability VCID-y92e-mb7u-sueg
99
vulnerability VCID-yah4-88g3-37ak
100
vulnerability VCID-ycet-r6tz-yyhn
101
vulnerability VCID-ypfe-fdqf-cfcn
102
vulnerability VCID-zbp5-8ec3-gfe4
103
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.3.0
aliases CVE-2019-10763, GHSA-fpff-384j-vxq7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpk1-5fw2-pfgc
87
url VCID-trf7-n9zr-bubx
vulnerability_id VCID-trf7-n9zr-bubx
summary pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4082
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00477
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4082
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28
3
reference_url https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4082
reference_id CVE-2021-4082
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4082
5
reference_url https://github.com/advisories/GHSA-2v2v-fx7r-f2fh
reference_id GHSA-2v2v-fx7r-f2fh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2v2v-fx7r-f2fh
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.6
purl pkg:composer/pimcore/pimcore@10.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fpuf-6uyn-hydv
42
vulnerability VCID-fvku-th2k-93d8
43
vulnerability VCID-gda3-s5cp-w7d4
44
vulnerability VCID-ggje-p3cm-fyhe
45
vulnerability VCID-gs48-295u-mqdt
46
vulnerability VCID-gs7u-m432-yqaw
47
vulnerability VCID-hed9-c39j-87g2
48
vulnerability VCID-hn1d-5fbq-cyc7
49
vulnerability VCID-hvgj-5hjn-cbhb
50
vulnerability VCID-j5pq-ekja-jffv
51
vulnerability VCID-j9qv-7wsq-mkf6
52
vulnerability VCID-jgxx-v2wj-zkfh
53
vulnerability VCID-jx3r-bxmm-hfaw
54
vulnerability VCID-jxr2-qjbz-17ha
55
vulnerability VCID-m756-fmwt-dfbf
56
vulnerability VCID-m9aa-5k15-dfap
57
vulnerability VCID-mapb-drtt-rbez
58
vulnerability VCID-mcrd-q5wz-d7dk
59
vulnerability VCID-mhz5-dnv5-6uas
60
vulnerability VCID-mwu6-2hxd-efc2
61
vulnerability VCID-n6h3-gsty-sua2
62
vulnerability VCID-p7w5-8ynh-xuh4
63
vulnerability VCID-paqt-sa9x-2qcm
64
vulnerability VCID-pnn8-zfvf-wqcf
65
vulnerability VCID-q7xb-xff7-77cf
66
vulnerability VCID-qbz4-eznm-e3hw
67
vulnerability VCID-qn3n-hpd2-7baf
68
vulnerability VCID-qv8v-b5t4-jqb9
69
vulnerability VCID-sbqb-c913-rqhb
70
vulnerability VCID-smn4-dvb2-u7hb
71
vulnerability VCID-t6ek-fzh4-mbdu
72
vulnerability VCID-tkcj-gar9-dbbh
73
vulnerability VCID-uaf3-v6zj-uuc3
74
vulnerability VCID-ud81-gjp6-s3ac
75
vulnerability VCID-ur7d-jx1z-kbet
76
vulnerability VCID-uxdh-6r6k-h7fr
77
vulnerability VCID-v6d4-h4sz-4yad
78
vulnerability VCID-v9ts-sd7r-gff2
79
vulnerability VCID-wdud-ckq4-wqfa
80
vulnerability VCID-wzbf-bazj-4kgy
81
vulnerability VCID-x7pr-fcen-r7d5
82
vulnerability VCID-xa87-8qgt-t7az
83
vulnerability VCID-xfwh-3838-j7ct
84
vulnerability VCID-xgwg-8q8s-cbfk
85
vulnerability VCID-y92e-mb7u-sueg
86
vulnerability VCID-yah4-88g3-37ak
87
vulnerability VCID-ycet-r6tz-yyhn
88
vulnerability VCID-zbp5-8ec3-gfe4
89
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6
aliases CVE-2021-4082, GHSA-2v2v-fx7r-f2fh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trf7-n9zr-bubx
88
url VCID-tzjt-fdqe-s7ct
vulnerability_id VCID-tzjt-fdqe-s7ct
summary A SQL Injection flaw was found in the package pimcore/pimcore. This issue exists due to the absence of check on the `storeId` parameter in the method `collectionsActionGet` and `groupsActionGet` method within the `ClassificationstoreController` class.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23405
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08304
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23405
1
reference_url https://github.com/pimcore/pimcore/pull/9572
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/9572
2
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23405
reference_id CVE-2021-23405
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23405
4
reference_url https://github.com/advisories/GHSA-g8jx-66p8-vcm2
reference_id GHSA-g8jx-66p8-vcm2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8jx-66p8-vcm2
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.0.7
purl pkg:composer/pimcore/pimcore@10.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-drty-cbue-3kcv
39
vulnerability VCID-e11t-ywn5-v7gp
40
vulnerability VCID-f4vw-12f3-wfgb
41
vulnerability VCID-f5cg-bkw2-hqct
42
vulnerability VCID-f7yk-9pys-t7dr
43
vulnerability VCID-f92t-4uw8-67hh
44
vulnerability VCID-fhsn-akes-rqey
45
vulnerability VCID-fnz2-pbtj-43ak
46
vulnerability VCID-fpuf-6uyn-hydv
47
vulnerability VCID-fvku-th2k-93d8
48
vulnerability VCID-gda3-s5cp-w7d4
49
vulnerability VCID-ggje-p3cm-fyhe
50
vulnerability VCID-gs48-295u-mqdt
51
vulnerability VCID-gs7u-m432-yqaw
52
vulnerability VCID-hed9-c39j-87g2
53
vulnerability VCID-hn1d-5fbq-cyc7
54
vulnerability VCID-hvgj-5hjn-cbhb
55
vulnerability VCID-j5pq-ekja-jffv
56
vulnerability VCID-j9qv-7wsq-mkf6
57
vulnerability VCID-jgxx-v2wj-zkfh
58
vulnerability VCID-jx3r-bxmm-hfaw
59
vulnerability VCID-jxr2-qjbz-17ha
60
vulnerability VCID-m756-fmwt-dfbf
61
vulnerability VCID-m9aa-5k15-dfap
62
vulnerability VCID-mapb-drtt-rbez
63
vulnerability VCID-mcrd-q5wz-d7dk
64
vulnerability VCID-mhz5-dnv5-6uas
65
vulnerability VCID-mwu6-2hxd-efc2
66
vulnerability VCID-n6h3-gsty-sua2
67
vulnerability VCID-p7w5-8ynh-xuh4
68
vulnerability VCID-paqt-sa9x-2qcm
69
vulnerability VCID-pnn8-zfvf-wqcf
70
vulnerability VCID-px53-r47y-tbds
71
vulnerability VCID-q7xb-xff7-77cf
72
vulnerability VCID-qbz4-eznm-e3hw
73
vulnerability VCID-qn3n-hpd2-7baf
74
vulnerability VCID-qv8v-b5t4-jqb9
75
vulnerability VCID-r34d-uefq-skam
76
vulnerability VCID-sbqb-c913-rqhb
77
vulnerability VCID-smn4-dvb2-u7hb
78
vulnerability VCID-t6ek-fzh4-mbdu
79
vulnerability VCID-tkcj-gar9-dbbh
80
vulnerability VCID-trf7-n9zr-bubx
81
vulnerability VCID-uaf3-v6zj-uuc3
82
vulnerability VCID-ud81-gjp6-s3ac
83
vulnerability VCID-ur7d-jx1z-kbet
84
vulnerability VCID-uukc-b952-zbgk
85
vulnerability VCID-uxdh-6r6k-h7fr
86
vulnerability VCID-v6d4-h4sz-4yad
87
vulnerability VCID-v9ts-sd7r-gff2
88
vulnerability VCID-w7q9-zspa-pfb7
89
vulnerability VCID-wdud-ckq4-wqfa
90
vulnerability VCID-wura-bb97-rbg7
91
vulnerability VCID-wzbf-bazj-4kgy
92
vulnerability VCID-x7pr-fcen-r7d5
93
vulnerability VCID-xa87-8qgt-t7az
94
vulnerability VCID-xfwh-3838-j7ct
95
vulnerability VCID-xgwg-8q8s-cbfk
96
vulnerability VCID-y92e-mb7u-sueg
97
vulnerability VCID-yah4-88g3-37ak
98
vulnerability VCID-ycet-r6tz-yyhn
99
vulnerability VCID-zbp5-8ec3-gfe4
100
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.0.7
aliases CVE-2021-23405, GHSA-g8jx-66p8-vcm2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzjt-fdqe-s7ct
89
url VCID-uaf3-v6zj-uuc3
vulnerability_id VCID-uaf3-v6zj-uuc3
summary 
Pimcore Has an Incomplete Patch for CVE-2023-30848
An **incomplete SQL injection patch** in the Admin Search Find API allows an authenticated attacker to perform **blind SQL injection**.
Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to **database information disclosure**.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23492
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.0025
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23492
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/
url https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23492
reference_id CVE-2026-23492
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23492
4
reference_url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
reference_id GHSA-6mhm-gcpf-5gr8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mhm-gcpf-5gr8
5
reference_url https://github.com/advisories/GHSA-qvr7-7g55-69xj
reference_id GHSA-qvr7-7g55-69xj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvr7-7g55-69xj
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj
reference_id GHSA-qvr7-7g55-69xj
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.5.14
purl pkg:composer/pimcore/pimcore@11.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14
1
url pkg:composer/pimcore/pimcore@12.3.1
purl pkg:composer/pimcore/pimcore@12.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f4vw-12f3-wfgb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1
aliases CVE-2026-23492, GHSA-qvr7-7g55-69xj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uaf3-v6zj-uuc3
90
url VCID-ud81-gjp6-s3ac
vulnerability_id VCID-ud81-gjp6-s3ac
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23937
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01779
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23937
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/
url https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f
3
reference_url https://github.com/pimcore/pimcore/pull/14125
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/14125
4
reference_url https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38
5
reference_url https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/
reference_id
reference_type
scores
url https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23937
reference_id CVE-2023-23937
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23937
7
reference_url https://github.com/advisories/GHSA-8xv4-jj4h-qww6
reference_id GHSA-8xv4-jj4h-qww6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xv4-jj4h-qww6
8
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6
reference_id GHSA-8xv4-jj4h-qww6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.16
purl pkg:composer/pimcore/pimcore@10.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-4p8y-eknc-zfgn
7
vulnerability VCID-5qj5-vh6d-7khq
8
vulnerability VCID-5tz5-h4wq-3qfy
9
vulnerability VCID-68hd-e927-4kcu
10
vulnerability VCID-6w41-7cfk-j7cn
11
vulnerability VCID-81mh-qb4b-n7a8
12
vulnerability VCID-93rb-sj45-w3fh
13
vulnerability VCID-979q-g8dh-1fgw
14
vulnerability VCID-9m1k-bypd-zber
15
vulnerability VCID-9ra4-dac9-7qba
16
vulnerability VCID-bb65-xxsn-m3gv
17
vulnerability VCID-c2j7-ywhr-3ff3
18
vulnerability VCID-c5af-wpgt-dkep
19
vulnerability VCID-cbx2-f95n-kqgd
20
vulnerability VCID-cgzf-jppn-q7ff
21
vulnerability VCID-d7zd-p4g6-ryd1
22
vulnerability VCID-de3u-8wqt-uyc2
23
vulnerability VCID-dhdb-wakw-pufe
24
vulnerability VCID-drty-cbue-3kcv
25
vulnerability VCID-e11t-ywn5-v7gp
26
vulnerability VCID-f4vw-12f3-wfgb
27
vulnerability VCID-f5cg-bkw2-hqct
28
vulnerability VCID-f7yk-9pys-t7dr
29
vulnerability VCID-fvku-th2k-93d8
30
vulnerability VCID-gs48-295u-mqdt
31
vulnerability VCID-hed9-c39j-87g2
32
vulnerability VCID-j9qv-7wsq-mkf6
33
vulnerability VCID-jgxx-v2wj-zkfh
34
vulnerability VCID-jx3r-bxmm-hfaw
35
vulnerability VCID-jxr2-qjbz-17ha
36
vulnerability VCID-m9aa-5k15-dfap
37
vulnerability VCID-mapb-drtt-rbez
38
vulnerability VCID-mcrd-q5wz-d7dk
39
vulnerability VCID-mwu6-2hxd-efc2
40
vulnerability VCID-n6h3-gsty-sua2
41
vulnerability VCID-p7w5-8ynh-xuh4
42
vulnerability VCID-q7xb-xff7-77cf
43
vulnerability VCID-qn3n-hpd2-7baf
44
vulnerability VCID-qv8v-b5t4-jqb9
45
vulnerability VCID-t6ek-fzh4-mbdu
46
vulnerability VCID-tkcj-gar9-dbbh
47
vulnerability VCID-uaf3-v6zj-uuc3
48
vulnerability VCID-ur7d-jx1z-kbet
49
vulnerability VCID-uxdh-6r6k-h7fr
50
vulnerability VCID-v6d4-h4sz-4yad
51
vulnerability VCID-wdud-ckq4-wqfa
52
vulnerability VCID-wzbf-bazj-4kgy
53
vulnerability VCID-xfwh-3838-j7ct
54
vulnerability VCID-xgwg-8q8s-cbfk
55
vulnerability VCID-y92e-mb7u-sueg
56
vulnerability VCID-yah4-88g3-37ak
57
vulnerability VCID-ycet-r6tz-yyhn
58
vulnerability VCID-zbp5-8ec3-gfe4
59
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.16
aliases CVE-2023-23937, GHSA-8xv4-jj4h-qww6, GMS-2023-222
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ud81-gjp6-s3ac
91
url VCID-ur7d-jx1z-kbet
vulnerability_id VCID-ur7d-jx1z-kbet
summary Relative Path Traversal in pimcore/pimcore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30855
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00431
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30855
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch
3
reference_url https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/
url https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch
4
reference_url https://github.com/pimcore/pimcore/pull/14498
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/
url https://github.com/pimcore/pimcore/pull/14498
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30855
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30855
6
reference_url https://github.com/advisories/GHSA-g2mc-fqqc-hxg3
reference_id GHSA-g2mc-fqqc-hxg3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g2mc-fqqc-hxg3
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3
reference_id GHSA-g2mc-fqqc-hxg3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.18
purl pkg:composer/pimcore/pimcore@10.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-5qj5-vh6d-7khq
7
vulnerability VCID-5tz5-h4wq-3qfy
8
vulnerability VCID-68hd-e927-4kcu
9
vulnerability VCID-6w41-7cfk-j7cn
10
vulnerability VCID-81mh-qb4b-n7a8
11
vulnerability VCID-93rb-sj45-w3fh
12
vulnerability VCID-979q-g8dh-1fgw
13
vulnerability VCID-9ra4-dac9-7qba
14
vulnerability VCID-bb65-xxsn-m3gv
15
vulnerability VCID-c2j7-ywhr-3ff3
16
vulnerability VCID-c5af-wpgt-dkep
17
vulnerability VCID-cbx2-f95n-kqgd
18
vulnerability VCID-cgzf-jppn-q7ff
19
vulnerability VCID-d7zd-p4g6-ryd1
20
vulnerability VCID-de3u-8wqt-uyc2
21
vulnerability VCID-dhdb-wakw-pufe
22
vulnerability VCID-drty-cbue-3kcv
23
vulnerability VCID-e11t-ywn5-v7gp
24
vulnerability VCID-f4vw-12f3-wfgb
25
vulnerability VCID-f5cg-bkw2-hqct
26
vulnerability VCID-f7yk-9pys-t7dr
27
vulnerability VCID-gs48-295u-mqdt
28
vulnerability VCID-hed9-c39j-87g2
29
vulnerability VCID-j9qv-7wsq-mkf6
30
vulnerability VCID-jgxx-v2wj-zkfh
31
vulnerability VCID-jxr2-qjbz-17ha
32
vulnerability VCID-m9aa-5k15-dfap
33
vulnerability VCID-mapb-drtt-rbez
34
vulnerability VCID-mcrd-q5wz-d7dk
35
vulnerability VCID-mwu6-2hxd-efc2
36
vulnerability VCID-n6h3-gsty-sua2
37
vulnerability VCID-p7w5-8ynh-xuh4
38
vulnerability VCID-q7xb-xff7-77cf
39
vulnerability VCID-qn3n-hpd2-7baf
40
vulnerability VCID-qv8v-b5t4-jqb9
41
vulnerability VCID-t6ek-fzh4-mbdu
42
vulnerability VCID-tkcj-gar9-dbbh
43
vulnerability VCID-uaf3-v6zj-uuc3
44
vulnerability VCID-uxdh-6r6k-h7fr
45
vulnerability VCID-v6d4-h4sz-4yad
46
vulnerability VCID-wdud-ckq4-wqfa
47
vulnerability VCID-wzbf-bazj-4kgy
48
vulnerability VCID-xfwh-3838-j7ct
49
vulnerability VCID-xgwg-8q8s-cbfk
50
vulnerability VCID-y92e-mb7u-sueg
51
vulnerability VCID-ycet-r6tz-yyhn
52
vulnerability VCID-zbp5-8ec3-gfe4
53
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18
aliases CVE-2023-30855, GHSA-g2mc-fqqc-hxg3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur7d-jx1z-kbet
92
url VCID-uukc-b952-zbgk
vulnerability_id VCID-uukc-b952-zbgk
summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4081
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02677
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4081
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a
3
reference_url https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4081
reference_id CVE-2021-4081
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4081
5
reference_url https://github.com/advisories/GHSA-3p85-p4qg-hcrp
reference_id GHSA-3p85-p4qg-hcrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p85-p4qg-hcrp
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.6
purl pkg:composer/pimcore/pimcore@10.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fpuf-6uyn-hydv
42
vulnerability VCID-fvku-th2k-93d8
43
vulnerability VCID-gda3-s5cp-w7d4
44
vulnerability VCID-ggje-p3cm-fyhe
45
vulnerability VCID-gs48-295u-mqdt
46
vulnerability VCID-gs7u-m432-yqaw
47
vulnerability VCID-hed9-c39j-87g2
48
vulnerability VCID-hn1d-5fbq-cyc7
49
vulnerability VCID-hvgj-5hjn-cbhb
50
vulnerability VCID-j5pq-ekja-jffv
51
vulnerability VCID-j9qv-7wsq-mkf6
52
vulnerability VCID-jgxx-v2wj-zkfh
53
vulnerability VCID-jx3r-bxmm-hfaw
54
vulnerability VCID-jxr2-qjbz-17ha
55
vulnerability VCID-m756-fmwt-dfbf
56
vulnerability VCID-m9aa-5k15-dfap
57
vulnerability VCID-mapb-drtt-rbez
58
vulnerability VCID-mcrd-q5wz-d7dk
59
vulnerability VCID-mhz5-dnv5-6uas
60
vulnerability VCID-mwu6-2hxd-efc2
61
vulnerability VCID-n6h3-gsty-sua2
62
vulnerability VCID-p7w5-8ynh-xuh4
63
vulnerability VCID-paqt-sa9x-2qcm
64
vulnerability VCID-pnn8-zfvf-wqcf
65
vulnerability VCID-q7xb-xff7-77cf
66
vulnerability VCID-qbz4-eznm-e3hw
67
vulnerability VCID-qn3n-hpd2-7baf
68
vulnerability VCID-qv8v-b5t4-jqb9
69
vulnerability VCID-sbqb-c913-rqhb
70
vulnerability VCID-smn4-dvb2-u7hb
71
vulnerability VCID-t6ek-fzh4-mbdu
72
vulnerability VCID-tkcj-gar9-dbbh
73
vulnerability VCID-uaf3-v6zj-uuc3
74
vulnerability VCID-ud81-gjp6-s3ac
75
vulnerability VCID-ur7d-jx1z-kbet
76
vulnerability VCID-uxdh-6r6k-h7fr
77
vulnerability VCID-v6d4-h4sz-4yad
78
vulnerability VCID-v9ts-sd7r-gff2
79
vulnerability VCID-wdud-ckq4-wqfa
80
vulnerability VCID-wzbf-bazj-4kgy
81
vulnerability VCID-x7pr-fcen-r7d5
82
vulnerability VCID-xa87-8qgt-t7az
83
vulnerability VCID-xfwh-3838-j7ct
84
vulnerability VCID-xgwg-8q8s-cbfk
85
vulnerability VCID-y92e-mb7u-sueg
86
vulnerability VCID-yah4-88g3-37ak
87
vulnerability VCID-ycet-r6tz-yyhn
88
vulnerability VCID-zbp5-8ec3-gfe4
89
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6
aliases CVE-2021-4081, GHSA-3p85-p4qg-hcrp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uukc-b952-zbgk
93
url VCID-uxdh-6r6k-h7fr
vulnerability_id VCID-uxdh-6r6k-h7fr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2615
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01364
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2615
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/
url https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f
3
reference_url https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/
url https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2615
reference_id CVE-2023-2615
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2615
5
reference_url https://github.com/advisories/GHSA-q7cc-m6jw-m262
reference_id GHSA-q7cc-m6jw-m262
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7cc-m6jw-m262
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262
reference_id GHSA-q7cc-m6jw-m262
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2615, GHSA-q7cc-m6jw-m262
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdh-6r6k-h7fr
94
url VCID-v6d4-h4sz-4yad
vulnerability_id VCID-v6d4-h4sz-4yad
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2340
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00681
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2340
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/
url https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e
3
reference_url https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/
url https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2340
reference_id CVE-2023-2340
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2340
5
reference_url https://github.com/advisories/GHSA-g93x-fm2w-5pxw
reference_id GHSA-g93x-fm2w-5pxw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g93x-fm2w-5pxw
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw
reference_id GHSA-g93x-fm2w-5pxw
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2340, GHSA-g93x-fm2w-5pxw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6d4-h4sz-4yad
95
url VCID-v9ts-sd7r-gff2
vulnerability_id VCID-v9ts-sd7r-gff2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0704
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10565
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0704
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
3
reference_url https://github.com/pimcore/pimcore/pull/11447
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11447
4
reference_url https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0704
reference_id CVE-2022-0704
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0704
6
reference_url https://github.com/advisories/GHSA-pc32-x737-74cv
reference_id GHSA-pc32-x737-74cv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pc32-x737-74cv
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
1
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-0704, GHSA-pc32-x737-74cv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9ts-sd7r-gff2
96
url VCID-w7q9-zspa-pfb7
vulnerability_id VCID-w7q9-zspa-pfb7
summary Business Logic Errors in GitHub repository pimcore/pimcore
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4146
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01088
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4146
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6
3
reference_url https://github.com/pimcore/pimcore/issues/11024
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/issues/11024
4
reference_url https://github.com/pimcore/pimcore/pull/11206
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11206
5
reference_url https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4146
reference_id CVE-2021-4146
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4146
7
reference_url https://github.com/advisories/GHSA-54hw-mhgh-x4vc
reference_id GHSA-54hw-mhgh-x4vc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54hw-mhgh-x4vc
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.6
purl pkg:composer/pimcore/pimcore@10.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fpuf-6uyn-hydv
42
vulnerability VCID-fvku-th2k-93d8
43
vulnerability VCID-gda3-s5cp-w7d4
44
vulnerability VCID-ggje-p3cm-fyhe
45
vulnerability VCID-gs48-295u-mqdt
46
vulnerability VCID-gs7u-m432-yqaw
47
vulnerability VCID-hed9-c39j-87g2
48
vulnerability VCID-hn1d-5fbq-cyc7
49
vulnerability VCID-hvgj-5hjn-cbhb
50
vulnerability VCID-j5pq-ekja-jffv
51
vulnerability VCID-j9qv-7wsq-mkf6
52
vulnerability VCID-jgxx-v2wj-zkfh
53
vulnerability VCID-jx3r-bxmm-hfaw
54
vulnerability VCID-jxr2-qjbz-17ha
55
vulnerability VCID-m756-fmwt-dfbf
56
vulnerability VCID-m9aa-5k15-dfap
57
vulnerability VCID-mapb-drtt-rbez
58
vulnerability VCID-mcrd-q5wz-d7dk
59
vulnerability VCID-mhz5-dnv5-6uas
60
vulnerability VCID-mwu6-2hxd-efc2
61
vulnerability VCID-n6h3-gsty-sua2
62
vulnerability VCID-p7w5-8ynh-xuh4
63
vulnerability VCID-paqt-sa9x-2qcm
64
vulnerability VCID-pnn8-zfvf-wqcf
65
vulnerability VCID-q7xb-xff7-77cf
66
vulnerability VCID-qbz4-eznm-e3hw
67
vulnerability VCID-qn3n-hpd2-7baf
68
vulnerability VCID-qv8v-b5t4-jqb9
69
vulnerability VCID-sbqb-c913-rqhb
70
vulnerability VCID-smn4-dvb2-u7hb
71
vulnerability VCID-t6ek-fzh4-mbdu
72
vulnerability VCID-tkcj-gar9-dbbh
73
vulnerability VCID-uaf3-v6zj-uuc3
74
vulnerability VCID-ud81-gjp6-s3ac
75
vulnerability VCID-ur7d-jx1z-kbet
76
vulnerability VCID-uxdh-6r6k-h7fr
77
vulnerability VCID-v6d4-h4sz-4yad
78
vulnerability VCID-v9ts-sd7r-gff2
79
vulnerability VCID-wdud-ckq4-wqfa
80
vulnerability VCID-wzbf-bazj-4kgy
81
vulnerability VCID-x7pr-fcen-r7d5
82
vulnerability VCID-xa87-8qgt-t7az
83
vulnerability VCID-xfwh-3838-j7ct
84
vulnerability VCID-xgwg-8q8s-cbfk
85
vulnerability VCID-y92e-mb7u-sueg
86
vulnerability VCID-yah4-88g3-37ak
87
vulnerability VCID-ycet-r6tz-yyhn
88
vulnerability VCID-zbp5-8ec3-gfe4
89
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6
1
url pkg:composer/pimcore/pimcore@10.2.9
purl pkg:composer/pimcore/pimcore@10.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-295b-zzh8-q3h3
3
vulnerability VCID-2jc7-hjcd-3qfb
4
vulnerability VCID-354d-zv99-73g6
5
vulnerability VCID-3et6-gmgj-h7bn
6
vulnerability VCID-3ref-crmy-eucd
7
vulnerability VCID-3xpj-x3xh-7ub9
8
vulnerability VCID-4dk6-cfer-t7b5
9
vulnerability VCID-4p8y-eknc-zfgn
10
vulnerability VCID-5qj5-vh6d-7khq
11
vulnerability VCID-5tz5-h4wq-3qfy
12
vulnerability VCID-68hd-e927-4kcu
13
vulnerability VCID-6w41-7cfk-j7cn
14
vulnerability VCID-7w3s-bvdz-bfht
15
vulnerability VCID-81mh-qb4b-n7a8
16
vulnerability VCID-84sb-282p-abb6
17
vulnerability VCID-8t1x-kdp9-jkag
18
vulnerability VCID-93rb-sj45-w3fh
19
vulnerability VCID-979q-g8dh-1fgw
20
vulnerability VCID-97te-6pwk-bbb4
21
vulnerability VCID-9m1k-bypd-zber
22
vulnerability VCID-9ra4-dac9-7qba
23
vulnerability VCID-a9e8-ky44-s3gc
24
vulnerability VCID-bb65-xxsn-m3gv
25
vulnerability VCID-bz3s-p33z-kqf2
26
vulnerability VCID-c2j7-ywhr-3ff3
27
vulnerability VCID-c5af-wpgt-dkep
28
vulnerability VCID-cbx2-f95n-kqgd
29
vulnerability VCID-cgzf-jppn-q7ff
30
vulnerability VCID-d7zd-p4g6-ryd1
31
vulnerability VCID-de3u-8wqt-uyc2
32
vulnerability VCID-dhdb-wakw-pufe
33
vulnerability VCID-drty-cbue-3kcv
34
vulnerability VCID-e11t-ywn5-v7gp
35
vulnerability VCID-f4vw-12f3-wfgb
36
vulnerability VCID-f5cg-bkw2-hqct
37
vulnerability VCID-f7yk-9pys-t7dr
38
vulnerability VCID-fhsn-akes-rqey
39
vulnerability VCID-fnz2-pbtj-43ak
40
vulnerability VCID-fvku-th2k-93d8
41
vulnerability VCID-gda3-s5cp-w7d4
42
vulnerability VCID-gs48-295u-mqdt
43
vulnerability VCID-gs7u-m432-yqaw
44
vulnerability VCID-hed9-c39j-87g2
45
vulnerability VCID-hn1d-5fbq-cyc7
46
vulnerability VCID-j9qv-7wsq-mkf6
47
vulnerability VCID-jgxx-v2wj-zkfh
48
vulnerability VCID-jx3r-bxmm-hfaw
49
vulnerability VCID-jxr2-qjbz-17ha
50
vulnerability VCID-m756-fmwt-dfbf
51
vulnerability VCID-m9aa-5k15-dfap
52
vulnerability VCID-mapb-drtt-rbez
53
vulnerability VCID-mcrd-q5wz-d7dk
54
vulnerability VCID-mhz5-dnv5-6uas
55
vulnerability VCID-mwu6-2hxd-efc2
56
vulnerability VCID-n6h3-gsty-sua2
57
vulnerability VCID-p7w5-8ynh-xuh4
58
vulnerability VCID-paqt-sa9x-2qcm
59
vulnerability VCID-px53-r47y-tbds
60
vulnerability VCID-q7xb-xff7-77cf
61
vulnerability VCID-qbz4-eznm-e3hw
62
vulnerability VCID-qn3n-hpd2-7baf
63
vulnerability VCID-qv8v-b5t4-jqb9
64
vulnerability VCID-sbqb-c913-rqhb
65
vulnerability VCID-t6ek-fzh4-mbdu
66
vulnerability VCID-tkcj-gar9-dbbh
67
vulnerability VCID-uaf3-v6zj-uuc3
68
vulnerability VCID-ud81-gjp6-s3ac
69
vulnerability VCID-ur7d-jx1z-kbet
70
vulnerability VCID-uxdh-6r6k-h7fr
71
vulnerability VCID-v6d4-h4sz-4yad
72
vulnerability VCID-v9ts-sd7r-gff2
73
vulnerability VCID-wdud-ckq4-wqfa
74
vulnerability VCID-wzbf-bazj-4kgy
75
vulnerability VCID-xa87-8qgt-t7az
76
vulnerability VCID-xfwh-3838-j7ct
77
vulnerability VCID-xgwg-8q8s-cbfk
78
vulnerability VCID-y92e-mb7u-sueg
79
vulnerability VCID-yah4-88g3-37ak
80
vulnerability VCID-ycet-r6tz-yyhn
81
vulnerability VCID-zbp5-8ec3-gfe4
82
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9
aliases CVE-2021-4146, GHSA-54hw-mhgh-x4vc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7q9-zspa-pfb7
97
url VCID-wdud-ckq4-wqfa
vulnerability_id VCID-wdud-ckq4-wqfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28429
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01632
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28429
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/14574
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/
url https://github.com/pimcore/pimcore/pull/14574
3
reference_url https://github.com/pimcore/pimcore/pull/14574.patch
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/
url https://github.com/pimcore/pimcore/pull/14574.patch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28429
reference_id CVE-2023-28429
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28429
5
reference_url https://github.com/advisories/GHSA-rcg9-hrhx-6q69
reference_id GHSA-rcg9-hrhx-6q69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcg9-hrhx-6q69
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69
reference_id GHSA-rcg9-hrhx-6q69
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-28429, GHSA-rcg9-hrhx-6q69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdud-ckq4-wqfa
98
url VCID-wura-bb97-rbg7
vulnerability_id VCID-wura-bb97-rbg7
summary 
Improper Neutralization of Formula Elements in a CSV File
Pimcore is an open source data & experience management platform., Data Object CSV import allows formular injection. The problem is patched Aside from upgrading, one may apply the patch manually as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37702
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11028
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37702
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/pull/9992
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/9992
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37702
reference_id CVE-2021-37702
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37702
5
reference_url https://github.com/advisories/GHSA-pp2h-95hm-hv9r
reference_id GHSA-pp2h-95hm-hv9r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp2h-95hm-hv9r
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.1.1
purl pkg:composer/pimcore/pimcore@10.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-drty-cbue-3kcv
39
vulnerability VCID-e11t-ywn5-v7gp
40
vulnerability VCID-f4vw-12f3-wfgb
41
vulnerability VCID-f5cg-bkw2-hqct
42
vulnerability VCID-f7yk-9pys-t7dr
43
vulnerability VCID-fhsn-akes-rqey
44
vulnerability VCID-fnz2-pbtj-43ak
45
vulnerability VCID-fpuf-6uyn-hydv
46
vulnerability VCID-fvku-th2k-93d8
47
vulnerability VCID-gda3-s5cp-w7d4
48
vulnerability VCID-ggje-p3cm-fyhe
49
vulnerability VCID-gs48-295u-mqdt
50
vulnerability VCID-gs7u-m432-yqaw
51
vulnerability VCID-hed9-c39j-87g2
52
vulnerability VCID-hn1d-5fbq-cyc7
53
vulnerability VCID-hvgj-5hjn-cbhb
54
vulnerability VCID-j5pq-ekja-jffv
55
vulnerability VCID-j9qv-7wsq-mkf6
56
vulnerability VCID-jgxx-v2wj-zkfh
57
vulnerability VCID-jx3r-bxmm-hfaw
58
vulnerability VCID-jxr2-qjbz-17ha
59
vulnerability VCID-m756-fmwt-dfbf
60
vulnerability VCID-m9aa-5k15-dfap
61
vulnerability VCID-mapb-drtt-rbez
62
vulnerability VCID-mcrd-q5wz-d7dk
63
vulnerability VCID-mhz5-dnv5-6uas
64
vulnerability VCID-mwu6-2hxd-efc2
65
vulnerability VCID-n6h3-gsty-sua2
66
vulnerability VCID-p7w5-8ynh-xuh4
67
vulnerability VCID-paqt-sa9x-2qcm
68
vulnerability VCID-pnn8-zfvf-wqcf
69
vulnerability VCID-px53-r47y-tbds
70
vulnerability VCID-q7xb-xff7-77cf
71
vulnerability VCID-qbz4-eznm-e3hw
72
vulnerability VCID-qn3n-hpd2-7baf
73
vulnerability VCID-qv8v-b5t4-jqb9
74
vulnerability VCID-r34d-uefq-skam
75
vulnerability VCID-sbqb-c913-rqhb
76
vulnerability VCID-smn4-dvb2-u7hb
77
vulnerability VCID-t6ek-fzh4-mbdu
78
vulnerability VCID-tkcj-gar9-dbbh
79
vulnerability VCID-trf7-n9zr-bubx
80
vulnerability VCID-uaf3-v6zj-uuc3
81
vulnerability VCID-ud81-gjp6-s3ac
82
vulnerability VCID-ur7d-jx1z-kbet
83
vulnerability VCID-uukc-b952-zbgk
84
vulnerability VCID-uxdh-6r6k-h7fr
85
vulnerability VCID-v6d4-h4sz-4yad
86
vulnerability VCID-v9ts-sd7r-gff2
87
vulnerability VCID-w7q9-zspa-pfb7
88
vulnerability VCID-wdud-ckq4-wqfa
89
vulnerability VCID-wzbf-bazj-4kgy
90
vulnerability VCID-x7pr-fcen-r7d5
91
vulnerability VCID-xa87-8qgt-t7az
92
vulnerability VCID-xfwh-3838-j7ct
93
vulnerability VCID-xgwg-8q8s-cbfk
94
vulnerability VCID-y92e-mb7u-sueg
95
vulnerability VCID-yah4-88g3-37ak
96
vulnerability VCID-ycet-r6tz-yyhn
97
vulnerability VCID-zbp5-8ec3-gfe4
98
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1
aliases CVE-2021-37702, GHSA-pp2h-95hm-hv9r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wura-bb97-rbg7
99
url VCID-wzbf-bazj-4kgy
vulnerability_id VCID-wzbf-bazj-4kgy
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3821
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00386
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3821
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/
url https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c
3
reference_url https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/
url https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3821
reference_id CVE-2023-3821
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3821
5
reference_url https://github.com/advisories/GHSA-78q2-cv3p-x9fm
reference_id GHSA-78q2-cv3p-x9fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78q2-cv3p-x9fm
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.6.4
purl pkg:composer/pimcore/pimcore@10.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4
aliases CVE-2023-3821, GHSA-78q2-cv3p-x9fm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzbf-bazj-4kgy
100
url VCID-x7pr-fcen-r7d5
vulnerability_id VCID-x7pr-fcen-r7d5
summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4139
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08355
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4139
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245
3
reference_url https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4139
reference_id CVE-2021-4139
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4139
5
reference_url https://github.com/advisories/GHSA-8xx9-rxrj-2m2w
reference_id GHSA-8xx9-rxrj-2m2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xx9-rxrj-2m2w
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.2.7
purl pkg:composer/pimcore/pimcore@10.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-295b-zzh8-q3h3
4
vulnerability VCID-2jc7-hjcd-3qfb
5
vulnerability VCID-354d-zv99-73g6
6
vulnerability VCID-3et6-gmgj-h7bn
7
vulnerability VCID-3ref-crmy-eucd
8
vulnerability VCID-3xpj-x3xh-7ub9
9
vulnerability VCID-4dk6-cfer-t7b5
10
vulnerability VCID-4p8y-eknc-zfgn
11
vulnerability VCID-5qj5-vh6d-7khq
12
vulnerability VCID-5tz5-h4wq-3qfy
13
vulnerability VCID-68hd-e927-4kcu
14
vulnerability VCID-6w41-7cfk-j7cn
15
vulnerability VCID-7w3s-bvdz-bfht
16
vulnerability VCID-81mh-qb4b-n7a8
17
vulnerability VCID-84sb-282p-abb6
18
vulnerability VCID-8t1x-kdp9-jkag
19
vulnerability VCID-93rb-sj45-w3fh
20
vulnerability VCID-979q-g8dh-1fgw
21
vulnerability VCID-97te-6pwk-bbb4
22
vulnerability VCID-9m1k-bypd-zber
23
vulnerability VCID-9ra4-dac9-7qba
24
vulnerability VCID-a9e8-ky44-s3gc
25
vulnerability VCID-bb65-xxsn-m3gv
26
vulnerability VCID-bz3s-p33z-kqf2
27
vulnerability VCID-c2j7-ywhr-3ff3
28
vulnerability VCID-c5af-wpgt-dkep
29
vulnerability VCID-cbx2-f95n-kqgd
30
vulnerability VCID-cgzf-jppn-q7ff
31
vulnerability VCID-d7zd-p4g6-ryd1
32
vulnerability VCID-de3u-8wqt-uyc2
33
vulnerability VCID-dhdb-wakw-pufe
34
vulnerability VCID-drty-cbue-3kcv
35
vulnerability VCID-e11t-ywn5-v7gp
36
vulnerability VCID-f4vw-12f3-wfgb
37
vulnerability VCID-f5cg-bkw2-hqct
38
vulnerability VCID-f7yk-9pys-t7dr
39
vulnerability VCID-fhsn-akes-rqey
40
vulnerability VCID-fnz2-pbtj-43ak
41
vulnerability VCID-fvku-th2k-93d8
42
vulnerability VCID-gda3-s5cp-w7d4
43
vulnerability VCID-gs48-295u-mqdt
44
vulnerability VCID-gs7u-m432-yqaw
45
vulnerability VCID-hed9-c39j-87g2
46
vulnerability VCID-hn1d-5fbq-cyc7
47
vulnerability VCID-hvgj-5hjn-cbhb
48
vulnerability VCID-j5pq-ekja-jffv
49
vulnerability VCID-j9qv-7wsq-mkf6
50
vulnerability VCID-jgxx-v2wj-zkfh
51
vulnerability VCID-jx3r-bxmm-hfaw
52
vulnerability VCID-jxr2-qjbz-17ha
53
vulnerability VCID-m756-fmwt-dfbf
54
vulnerability VCID-m9aa-5k15-dfap
55
vulnerability VCID-mapb-drtt-rbez
56
vulnerability VCID-mcrd-q5wz-d7dk
57
vulnerability VCID-mhz5-dnv5-6uas
58
vulnerability VCID-mwu6-2hxd-efc2
59
vulnerability VCID-n6h3-gsty-sua2
60
vulnerability VCID-p7w5-8ynh-xuh4
61
vulnerability VCID-paqt-sa9x-2qcm
62
vulnerability VCID-pnn8-zfvf-wqcf
63
vulnerability VCID-q7xb-xff7-77cf
64
vulnerability VCID-qbz4-eznm-e3hw
65
vulnerability VCID-qn3n-hpd2-7baf
66
vulnerability VCID-qv8v-b5t4-jqb9
67
vulnerability VCID-sbqb-c913-rqhb
68
vulnerability VCID-t6ek-fzh4-mbdu
69
vulnerability VCID-tkcj-gar9-dbbh
70
vulnerability VCID-uaf3-v6zj-uuc3
71
vulnerability VCID-ud81-gjp6-s3ac
72
vulnerability VCID-ur7d-jx1z-kbet
73
vulnerability VCID-uxdh-6r6k-h7fr
74
vulnerability VCID-v6d4-h4sz-4yad
75
vulnerability VCID-v9ts-sd7r-gff2
76
vulnerability VCID-wdud-ckq4-wqfa
77
vulnerability VCID-wzbf-bazj-4kgy
78
vulnerability VCID-xa87-8qgt-t7az
79
vulnerability VCID-xfwh-3838-j7ct
80
vulnerability VCID-xgwg-8q8s-cbfk
81
vulnerability VCID-y92e-mb7u-sueg
82
vulnerability VCID-yah4-88g3-37ak
83
vulnerability VCID-ycet-r6tz-yyhn
84
vulnerability VCID-zbp5-8ec3-gfe4
85
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7
aliases CVE-2021-4139, GHSA-8xx9-rxrj-2m2w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7pr-fcen-r7d5
101
url VCID-xa87-8qgt-t7az
vulnerability_id VCID-xa87-8qgt-t7az
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0894
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01657
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0894
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9
3
reference_url https://github.com/pimcore/pimcore/pull/11447
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/pull/11447
4
reference_url https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0894
reference_id CVE-2022-0894
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0894
6
reference_url https://github.com/advisories/GHSA-22hc-47cc-7x6f
reference_id GHSA-22hc-47cc-7x6f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22hc-47cc-7x6f
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.3.1
purl pkg:composer/pimcore/pimcore@10.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-7w3s-bvdz-bfht
13
vulnerability VCID-81mh-qb4b-n7a8
14
vulnerability VCID-84sb-282p-abb6
15
vulnerability VCID-8t1x-kdp9-jkag
16
vulnerability VCID-93rb-sj45-w3fh
17
vulnerability VCID-979q-g8dh-1fgw
18
vulnerability VCID-9m1k-bypd-zber
19
vulnerability VCID-9ra4-dac9-7qba
20
vulnerability VCID-a9e8-ky44-s3gc
21
vulnerability VCID-bb65-xxsn-m3gv
22
vulnerability VCID-bz3s-p33z-kqf2
23
vulnerability VCID-c2j7-ywhr-3ff3
24
vulnerability VCID-c5af-wpgt-dkep
25
vulnerability VCID-cbx2-f95n-kqgd
26
vulnerability VCID-cgzf-jppn-q7ff
27
vulnerability VCID-d7zd-p4g6-ryd1
28
vulnerability VCID-de3u-8wqt-uyc2
29
vulnerability VCID-dhdb-wakw-pufe
30
vulnerability VCID-drty-cbue-3kcv
31
vulnerability VCID-e11t-ywn5-v7gp
32
vulnerability VCID-f4vw-12f3-wfgb
33
vulnerability VCID-f5cg-bkw2-hqct
34
vulnerability VCID-f7yk-9pys-t7dr
35
vulnerability VCID-fnz2-pbtj-43ak
36
vulnerability VCID-fvku-th2k-93d8
37
vulnerability VCID-gda3-s5cp-w7d4
38
vulnerability VCID-gs48-295u-mqdt
39
vulnerability VCID-gs7u-m432-yqaw
40
vulnerability VCID-hed9-c39j-87g2
41
vulnerability VCID-j9qv-7wsq-mkf6
42
vulnerability VCID-jgxx-v2wj-zkfh
43
vulnerability VCID-jx3r-bxmm-hfaw
44
vulnerability VCID-jxr2-qjbz-17ha
45
vulnerability VCID-m756-fmwt-dfbf
46
vulnerability VCID-m9aa-5k15-dfap
47
vulnerability VCID-mapb-drtt-rbez
48
vulnerability VCID-mcrd-q5wz-d7dk
49
vulnerability VCID-mhz5-dnv5-6uas
50
vulnerability VCID-mwu6-2hxd-efc2
51
vulnerability VCID-n6h3-gsty-sua2
52
vulnerability VCID-p7w5-8ynh-xuh4
53
vulnerability VCID-paqt-sa9x-2qcm
54
vulnerability VCID-q7xb-xff7-77cf
55
vulnerability VCID-qbz4-eznm-e3hw
56
vulnerability VCID-qn3n-hpd2-7baf
57
vulnerability VCID-qv8v-b5t4-jqb9
58
vulnerability VCID-t6ek-fzh4-mbdu
59
vulnerability VCID-tkcj-gar9-dbbh
60
vulnerability VCID-uaf3-v6zj-uuc3
61
vulnerability VCID-ud81-gjp6-s3ac
62
vulnerability VCID-ur7d-jx1z-kbet
63
vulnerability VCID-uxdh-6r6k-h7fr
64
vulnerability VCID-v6d4-h4sz-4yad
65
vulnerability VCID-wdud-ckq4-wqfa
66
vulnerability VCID-wzbf-bazj-4kgy
67
vulnerability VCID-xfwh-3838-j7ct
68
vulnerability VCID-xgwg-8q8s-cbfk
69
vulnerability VCID-y92e-mb7u-sueg
70
vulnerability VCID-yah4-88g3-37ak
71
vulnerability VCID-ycet-r6tz-yyhn
72
vulnerability VCID-zbp5-8ec3-gfe4
73
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1
1
url pkg:composer/pimcore/pimcore@10.4.0
purl pkg:composer/pimcore/pimcore@10.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-3xpj-x3xh-7ub9
6
vulnerability VCID-4dk6-cfer-t7b5
7
vulnerability VCID-4p8y-eknc-zfgn
8
vulnerability VCID-5qj5-vh6d-7khq
9
vulnerability VCID-5tz5-h4wq-3qfy
10
vulnerability VCID-68hd-e927-4kcu
11
vulnerability VCID-6w41-7cfk-j7cn
12
vulnerability VCID-81mh-qb4b-n7a8
13
vulnerability VCID-84sb-282p-abb6
14
vulnerability VCID-8t1x-kdp9-jkag
15
vulnerability VCID-93rb-sj45-w3fh
16
vulnerability VCID-979q-g8dh-1fgw
17
vulnerability VCID-9m1k-bypd-zber
18
vulnerability VCID-9ra4-dac9-7qba
19
vulnerability VCID-bb65-xxsn-m3gv
20
vulnerability VCID-c2j7-ywhr-3ff3
21
vulnerability VCID-c5af-wpgt-dkep
22
vulnerability VCID-cbx2-f95n-kqgd
23
vulnerability VCID-cgzf-jppn-q7ff
24
vulnerability VCID-d7zd-p4g6-ryd1
25
vulnerability VCID-de3u-8wqt-uyc2
26
vulnerability VCID-dhdb-wakw-pufe
27
vulnerability VCID-drty-cbue-3kcv
28
vulnerability VCID-e11t-ywn5-v7gp
29
vulnerability VCID-f4vw-12f3-wfgb
30
vulnerability VCID-f5cg-bkw2-hqct
31
vulnerability VCID-f7yk-9pys-t7dr
32
vulnerability VCID-fvku-th2k-93d8
33
vulnerability VCID-gs48-295u-mqdt
34
vulnerability VCID-gs7u-m432-yqaw
35
vulnerability VCID-hed9-c39j-87g2
36
vulnerability VCID-j9qv-7wsq-mkf6
37
vulnerability VCID-jgxx-v2wj-zkfh
38
vulnerability VCID-jx3r-bxmm-hfaw
39
vulnerability VCID-jxr2-qjbz-17ha
40
vulnerability VCID-m9aa-5k15-dfap
41
vulnerability VCID-mapb-drtt-rbez
42
vulnerability VCID-mcrd-q5wz-d7dk
43
vulnerability VCID-mhz5-dnv5-6uas
44
vulnerability VCID-mwu6-2hxd-efc2
45
vulnerability VCID-n6h3-gsty-sua2
46
vulnerability VCID-p7w5-8ynh-xuh4
47
vulnerability VCID-q7xb-xff7-77cf
48
vulnerability VCID-qn3n-hpd2-7baf
49
vulnerability VCID-qv8v-b5t4-jqb9
50
vulnerability VCID-t6ek-fzh4-mbdu
51
vulnerability VCID-tkcj-gar9-dbbh
52
vulnerability VCID-uaf3-v6zj-uuc3
53
vulnerability VCID-ud81-gjp6-s3ac
54
vulnerability VCID-ur7d-jx1z-kbet
55
vulnerability VCID-uxdh-6r6k-h7fr
56
vulnerability VCID-v6d4-h4sz-4yad
57
vulnerability VCID-wdud-ckq4-wqfa
58
vulnerability VCID-wzbf-bazj-4kgy
59
vulnerability VCID-xfwh-3838-j7ct
60
vulnerability VCID-xgwg-8q8s-cbfk
61
vulnerability VCID-y92e-mb7u-sueg
62
vulnerability VCID-yah4-88g3-37ak
63
vulnerability VCID-ycet-r6tz-yyhn
64
vulnerability VCID-zbp5-8ec3-gfe4
65
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0
aliases CVE-2022-0894, GHSA-22hc-47cc-7x6f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa87-8qgt-t7az
102
url VCID-xfwh-3838-j7ct
vulnerability_id VCID-xfwh-3838-j7ct
summary 
Cross-Site Request Forgery (CSRF)
Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47637
reference_id
reference_type
scores
0
value 0.7572
scoring_system epss
scoring_elements 0.98928
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47637
1
reference_url https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/
url https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311
2
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
3
reference_url https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312
4
reference_url https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/
url https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47637
reference_id CVE-2023-47637
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47637
6
reference_url https://github.com/advisories/GHSA-72hh-xf79-429p
reference_id GHSA-72hh-xf79-429p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72hh-xf79-429p
7
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
reference_id GHSA-72hh-xf79-429p
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p
fixed_packages
0
url pkg:composer/pimcore/pimcore@11.1.1
purl pkg:composer/pimcore/pimcore@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-692j-q97q-dbd8
2
vulnerability VCID-b518-ye2d-sbdh
3
vulnerability VCID-bb65-xxsn-m3gv
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.1
aliases CVE-2023-47637, GHSA-72hh-xf79-429p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfwh-3838-j7ct
103
url VCID-xgwg-8q8s-cbfk
vulnerability_id VCID-xgwg-8q8s-cbfk
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3673
reference_id
reference_type
scores
0
value 0.11372
scoring_system epss
scoring_elements 0.93673
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3673
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/
url https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9
3
reference_url https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/
url https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3673
reference_id CVE-2023-3673
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3673
5
reference_url https://github.com/advisories/GHSA-rxp5-qwrf-pfv3
reference_id GHSA-rxp5-qwrf-pfv3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxp5-qwrf-pfv3
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.24
purl pkg:composer/pimcore/pimcore@10.5.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-bb65-xxsn-m3gv
2
vulnerability VCID-cbx2-f95n-kqgd
3
vulnerability VCID-de3u-8wqt-uyc2
4
vulnerability VCID-dhdb-wakw-pufe
5
vulnerability VCID-f4vw-12f3-wfgb
6
vulnerability VCID-f5cg-bkw2-hqct
7
vulnerability VCID-hed9-c39j-87g2
8
vulnerability VCID-mcrd-q5wz-d7dk
9
vulnerability VCID-q7xb-xff7-77cf
10
vulnerability VCID-uaf3-v6zj-uuc3
11
vulnerability VCID-wzbf-bazj-4kgy
12
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.24
aliases CVE-2023-3673, GHSA-rxp5-qwrf-pfv3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgwg-8q8s-cbfk
104
url VCID-y92e-mb7u-sueg
vulnerability_id VCID-y92e-mb7u-sueg
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2328
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04721
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2328
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/
url https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe
3
reference_url https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/
url https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2328
reference_id CVE-2023-2328
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2328
5
reference_url https://github.com/advisories/GHSA-2295-vh28-pphc
reference_id GHSA-2295-vh28-pphc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2295-vh28-pphc
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc
reference_id GHSA-2295-vh28-pphc
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2328, GHSA-2295-vh28-pphc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y92e-mb7u-sueg
105
url VCID-yah4-88g3-37ak
vulnerability_id VCID-yah4-88g3-37ak
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1067
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04721
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1067
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/
url https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf
3
reference_url https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/
url https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1067
reference_id CVE-2023-1067
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1067
5
reference_url https://github.com/advisories/GHSA-f2jh-mf2c-8278
reference_id GHSA-f2jh-mf2c-8278
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2jh-mf2c-8278
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.18
purl pkg:composer/pimcore/pimcore@10.5.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-354d-zv99-73g6
3
vulnerability VCID-3et6-gmgj-h7bn
4
vulnerability VCID-3ref-crmy-eucd
5
vulnerability VCID-4dk6-cfer-t7b5
6
vulnerability VCID-5qj5-vh6d-7khq
7
vulnerability VCID-5tz5-h4wq-3qfy
8
vulnerability VCID-68hd-e927-4kcu
9
vulnerability VCID-6w41-7cfk-j7cn
10
vulnerability VCID-81mh-qb4b-n7a8
11
vulnerability VCID-93rb-sj45-w3fh
12
vulnerability VCID-979q-g8dh-1fgw
13
vulnerability VCID-9ra4-dac9-7qba
14
vulnerability VCID-bb65-xxsn-m3gv
15
vulnerability VCID-c2j7-ywhr-3ff3
16
vulnerability VCID-c5af-wpgt-dkep
17
vulnerability VCID-cbx2-f95n-kqgd
18
vulnerability VCID-cgzf-jppn-q7ff
19
vulnerability VCID-d7zd-p4g6-ryd1
20
vulnerability VCID-de3u-8wqt-uyc2
21
vulnerability VCID-dhdb-wakw-pufe
22
vulnerability VCID-drty-cbue-3kcv
23
vulnerability VCID-e11t-ywn5-v7gp
24
vulnerability VCID-f4vw-12f3-wfgb
25
vulnerability VCID-f5cg-bkw2-hqct
26
vulnerability VCID-f7yk-9pys-t7dr
27
vulnerability VCID-gs48-295u-mqdt
28
vulnerability VCID-hed9-c39j-87g2
29
vulnerability VCID-j9qv-7wsq-mkf6
30
vulnerability VCID-jgxx-v2wj-zkfh
31
vulnerability VCID-jxr2-qjbz-17ha
32
vulnerability VCID-m9aa-5k15-dfap
33
vulnerability VCID-mapb-drtt-rbez
34
vulnerability VCID-mcrd-q5wz-d7dk
35
vulnerability VCID-mwu6-2hxd-efc2
36
vulnerability VCID-n6h3-gsty-sua2
37
vulnerability VCID-p7w5-8ynh-xuh4
38
vulnerability VCID-q7xb-xff7-77cf
39
vulnerability VCID-qn3n-hpd2-7baf
40
vulnerability VCID-qv8v-b5t4-jqb9
41
vulnerability VCID-t6ek-fzh4-mbdu
42
vulnerability VCID-tkcj-gar9-dbbh
43
vulnerability VCID-uaf3-v6zj-uuc3
44
vulnerability VCID-uxdh-6r6k-h7fr
45
vulnerability VCID-v6d4-h4sz-4yad
46
vulnerability VCID-wdud-ckq4-wqfa
47
vulnerability VCID-wzbf-bazj-4kgy
48
vulnerability VCID-xfwh-3838-j7ct
49
vulnerability VCID-xgwg-8q8s-cbfk
50
vulnerability VCID-y92e-mb7u-sueg
51
vulnerability VCID-ycet-r6tz-yyhn
52
vulnerability VCID-zbp5-8ec3-gfe4
53
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18
1
url pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
purl pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-68hd-e927-4kcu
1
vulnerability VCID-81mh-qb4b-n7a8
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-dhdb-wakw-pufe
4
vulnerability VCID-f4vw-12f3-wfgb
5
vulnerability VCID-f5cg-bkw2-hqct
6
vulnerability VCID-pvmk-ymnm-uyah
7
vulnerability VCID-uaf3-v6zj-uuc3
8
vulnerability VCID-xfwh-3838-j7ct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1
aliases CVE-2023-1067, GHSA-f2jh-mf2c-8278
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yah4-88g3-37ak
106
url VCID-ycet-r6tz-yyhn
vulnerability_id VCID-ycet-r6tz-yyhn
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28108
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03487
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28108
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/
url https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch
3
reference_url https://github.com/pimcore/pimcore/pull/14633
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/
url https://github.com/pimcore/pimcore/pull/14633
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28108
reference_id CVE-2023-28108
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28108
5
reference_url https://github.com/advisories/GHSA-xc9p-r5qj-8xm9
reference_id GHSA-xc9p-r5qj-8xm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc9p-r5qj-8xm9
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9
reference_id GHSA-xc9p-r5qj-8xm9
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/
url https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.19
purl pkg:composer/pimcore/pimcore@10.5.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-3et6-gmgj-h7bn
2
vulnerability VCID-3ref-crmy-eucd
3
vulnerability VCID-4dk6-cfer-t7b5
4
vulnerability VCID-5qj5-vh6d-7khq
5
vulnerability VCID-5tz5-h4wq-3qfy
6
vulnerability VCID-68hd-e927-4kcu
7
vulnerability VCID-6w41-7cfk-j7cn
8
vulnerability VCID-979q-g8dh-1fgw
9
vulnerability VCID-9ra4-dac9-7qba
10
vulnerability VCID-bb65-xxsn-m3gv
11
vulnerability VCID-c2j7-ywhr-3ff3
12
vulnerability VCID-c5af-wpgt-dkep
13
vulnerability VCID-cbx2-f95n-kqgd
14
vulnerability VCID-de3u-8wqt-uyc2
15
vulnerability VCID-dhdb-wakw-pufe
16
vulnerability VCID-drty-cbue-3kcv
17
vulnerability VCID-e11t-ywn5-v7gp
18
vulnerability VCID-f4vw-12f3-wfgb
19
vulnerability VCID-f5cg-bkw2-hqct
20
vulnerability VCID-f7yk-9pys-t7dr
21
vulnerability VCID-hed9-c39j-87g2
22
vulnerability VCID-j9qv-7wsq-mkf6
23
vulnerability VCID-jgxx-v2wj-zkfh
24
vulnerability VCID-jxr2-qjbz-17ha
25
vulnerability VCID-m9aa-5k15-dfap
26
vulnerability VCID-mapb-drtt-rbez
27
vulnerability VCID-mcrd-q5wz-d7dk
28
vulnerability VCID-mwu6-2hxd-efc2
29
vulnerability VCID-n6h3-gsty-sua2
30
vulnerability VCID-q7xb-xff7-77cf
31
vulnerability VCID-tkcj-gar9-dbbh
32
vulnerability VCID-uaf3-v6zj-uuc3
33
vulnerability VCID-uxdh-6r6k-h7fr
34
vulnerability VCID-v6d4-h4sz-4yad
35
vulnerability VCID-wzbf-bazj-4kgy
36
vulnerability VCID-xfwh-3838-j7ct
37
vulnerability VCID-xgwg-8q8s-cbfk
38
vulnerability VCID-y92e-mb7u-sueg
39
vulnerability VCID-zbp5-8ec3-gfe4
40
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19
aliases CVE-2023-28108, GHSA-xc9p-r5qj-8xm9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycet-r6tz-yyhn
107
url VCID-ypfe-fdqf-cfcn
vulnerability_id VCID-ypfe-fdqf-cfcn
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23340
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06817
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23340
1
reference_url https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454
2
reference_url https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23340
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23340
4
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132
5
reference_url https://github.com/advisories/GHSA-h7f9-cvh5-qw7f
reference_id GHSA-h7f9-cvh5-qw7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7f9-cvh5-qw7f
fixed_packages
0
url pkg:composer/pimcore/pimcore@6.8.8
purl pkg:composer/pimcore/pimcore@6.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6w41-7cfk-j7cn
18
vulnerability VCID-7w3s-bvdz-bfht
19
vulnerability VCID-81mh-qb4b-n7a8
20
vulnerability VCID-84sb-282p-abb6
21
vulnerability VCID-8t1x-kdp9-jkag
22
vulnerability VCID-93rb-sj45-w3fh
23
vulnerability VCID-979q-g8dh-1fgw
24
vulnerability VCID-97te-6pwk-bbb4
25
vulnerability VCID-9m1k-bypd-zber
26
vulnerability VCID-9ra4-dac9-7qba
27
vulnerability VCID-a9e8-ky44-s3gc
28
vulnerability VCID-bb65-xxsn-m3gv
29
vulnerability VCID-bexg-r2xt-6ycy
30
vulnerability VCID-bz3s-p33z-kqf2
31
vulnerability VCID-c2j7-ywhr-3ff3
32
vulnerability VCID-c5af-wpgt-dkep
33
vulnerability VCID-cbx2-f95n-kqgd
34
vulnerability VCID-cgzf-jppn-q7ff
35
vulnerability VCID-d7zd-p4g6-ryd1
36
vulnerability VCID-de3u-8wqt-uyc2
37
vulnerability VCID-dhdb-wakw-pufe
38
vulnerability VCID-drty-cbue-3kcv
39
vulnerability VCID-e11t-ywn5-v7gp
40
vulnerability VCID-f4vw-12f3-wfgb
41
vulnerability VCID-f5cg-bkw2-hqct
42
vulnerability VCID-f7yk-9pys-t7dr
43
vulnerability VCID-f92t-4uw8-67hh
44
vulnerability VCID-fhsn-akes-rqey
45
vulnerability VCID-fnz2-pbtj-43ak
46
vulnerability VCID-fpuf-6uyn-hydv
47
vulnerability VCID-fvku-th2k-93d8
48
vulnerability VCID-gda3-s5cp-w7d4
49
vulnerability VCID-ggje-p3cm-fyhe
50
vulnerability VCID-gs48-295u-mqdt
51
vulnerability VCID-gs7u-m432-yqaw
52
vulnerability VCID-hed9-c39j-87g2
53
vulnerability VCID-hn1d-5fbq-cyc7
54
vulnerability VCID-hvgj-5hjn-cbhb
55
vulnerability VCID-j5pq-ekja-jffv
56
vulnerability VCID-j9qv-7wsq-mkf6
57
vulnerability VCID-jgxx-v2wj-zkfh
58
vulnerability VCID-jx3r-bxmm-hfaw
59
vulnerability VCID-jxr2-qjbz-17ha
60
vulnerability VCID-m756-fmwt-dfbf
61
vulnerability VCID-m9aa-5k15-dfap
62
vulnerability VCID-mapb-drtt-rbez
63
vulnerability VCID-mcrd-q5wz-d7dk
64
vulnerability VCID-mhz5-dnv5-6uas
65
vulnerability VCID-mwu6-2hxd-efc2
66
vulnerability VCID-n6h3-gsty-sua2
67
vulnerability VCID-p7w5-8ynh-xuh4
68
vulnerability VCID-paqt-sa9x-2qcm
69
vulnerability VCID-pnn8-zfvf-wqcf
70
vulnerability VCID-px53-r47y-tbds
71
vulnerability VCID-q7xb-xff7-77cf
72
vulnerability VCID-qbz4-eznm-e3hw
73
vulnerability VCID-qn3n-hpd2-7baf
74
vulnerability VCID-qv8v-b5t4-jqb9
75
vulnerability VCID-r34d-uefq-skam
76
vulnerability VCID-sbqb-c913-rqhb
77
vulnerability VCID-smn4-dvb2-u7hb
78
vulnerability VCID-t6ek-fzh4-mbdu
79
vulnerability VCID-tkcj-gar9-dbbh
80
vulnerability VCID-trf7-n9zr-bubx
81
vulnerability VCID-tzjt-fdqe-s7ct
82
vulnerability VCID-uaf3-v6zj-uuc3
83
vulnerability VCID-ud81-gjp6-s3ac
84
vulnerability VCID-ur7d-jx1z-kbet
85
vulnerability VCID-uukc-b952-zbgk
86
vulnerability VCID-uxdh-6r6k-h7fr
87
vulnerability VCID-v6d4-h4sz-4yad
88
vulnerability VCID-v9ts-sd7r-gff2
89
vulnerability VCID-w7q9-zspa-pfb7
90
vulnerability VCID-wdud-ckq4-wqfa
91
vulnerability VCID-wura-bb97-rbg7
92
vulnerability VCID-wzbf-bazj-4kgy
93
vulnerability VCID-x7pr-fcen-r7d5
94
vulnerability VCID-xa87-8qgt-t7az
95
vulnerability VCID-xfwh-3838-j7ct
96
vulnerability VCID-xgwg-8q8s-cbfk
97
vulnerability VCID-y92e-mb7u-sueg
98
vulnerability VCID-yah4-88g3-37ak
99
vulnerability VCID-ycet-r6tz-yyhn
100
vulnerability VCID-zbp5-8ec3-gfe4
101
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.8
aliases CVE-2021-23340, GHSA-h7f9-cvh5-qw7f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypfe-fdqf-cfcn
108
url VCID-z739-9aw2-83gp
vulnerability_id VCID-z739-9aw2-83gp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16318
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00826
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16318
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f
3
reference_url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16318
reference_id CVE-2019-16318
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16318
fixed_packages
0
url pkg:composer/pimcore/pimcore@5.7.1
purl pkg:composer/pimcore/pimcore@5.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13m1-u59p-eue5
1
vulnerability VCID-1hqj-r197-dyfe
2
vulnerability VCID-1r65-1mjp-23gr
3
vulnerability VCID-1w28-9z15-4qck
4
vulnerability VCID-295b-zzh8-q3h3
5
vulnerability VCID-2jc7-hjcd-3qfb
6
vulnerability VCID-2u9x-hqp2-77g6
7
vulnerability VCID-354d-zv99-73g6
8
vulnerability VCID-3et6-gmgj-h7bn
9
vulnerability VCID-3ref-crmy-eucd
10
vulnerability VCID-3xpj-x3xh-7ub9
11
vulnerability VCID-4dk6-cfer-t7b5
12
vulnerability VCID-4p8y-eknc-zfgn
13
vulnerability VCID-55g4-28a9-u7dc
14
vulnerability VCID-5qj5-vh6d-7khq
15
vulnerability VCID-5tz5-h4wq-3qfy
16
vulnerability VCID-68hd-e927-4kcu
17
vulnerability VCID-6ph4-dkvv-eybx
18
vulnerability VCID-6w41-7cfk-j7cn
19
vulnerability VCID-7w3s-bvdz-bfht
20
vulnerability VCID-81mh-qb4b-n7a8
21
vulnerability VCID-84sb-282p-abb6
22
vulnerability VCID-8t1x-kdp9-jkag
23
vulnerability VCID-93rb-sj45-w3fh
24
vulnerability VCID-979q-g8dh-1fgw
25
vulnerability VCID-97te-6pwk-bbb4
26
vulnerability VCID-9m1k-bypd-zber
27
vulnerability VCID-9ra4-dac9-7qba
28
vulnerability VCID-a9e8-ky44-s3gc
29
vulnerability VCID-bb65-xxsn-m3gv
30
vulnerability VCID-bexg-r2xt-6ycy
31
vulnerability VCID-bz3s-p33z-kqf2
32
vulnerability VCID-c2j7-ywhr-3ff3
33
vulnerability VCID-c5af-wpgt-dkep
34
vulnerability VCID-cbx2-f95n-kqgd
35
vulnerability VCID-cgzf-jppn-q7ff
36
vulnerability VCID-d7zd-p4g6-ryd1
37
vulnerability VCID-de3u-8wqt-uyc2
38
vulnerability VCID-dhdb-wakw-pufe
39
vulnerability VCID-dr21-xtsw-f3b8
40
vulnerability VCID-drty-cbue-3kcv
41
vulnerability VCID-e11t-ywn5-v7gp
42
vulnerability VCID-f4vw-12f3-wfgb
43
vulnerability VCID-f5cg-bkw2-hqct
44
vulnerability VCID-f7yk-9pys-t7dr
45
vulnerability VCID-f92t-4uw8-67hh
46
vulnerability VCID-fb1z-259v-g7hp
47
vulnerability VCID-fhsn-akes-rqey
48
vulnerability VCID-fnz2-pbtj-43ak
49
vulnerability VCID-fpuf-6uyn-hydv
50
vulnerability VCID-fvku-th2k-93d8
51
vulnerability VCID-gda3-s5cp-w7d4
52
vulnerability VCID-ggje-p3cm-fyhe
53
vulnerability VCID-gs48-295u-mqdt
54
vulnerability VCID-gs7u-m432-yqaw
55
vulnerability VCID-hed9-c39j-87g2
56
vulnerability VCID-hn1d-5fbq-cyc7
57
vulnerability VCID-hvgj-5hjn-cbhb
58
vulnerability VCID-j5pq-ekja-jffv
59
vulnerability VCID-j9qv-7wsq-mkf6
60
vulnerability VCID-jgxx-v2wj-zkfh
61
vulnerability VCID-jx3r-bxmm-hfaw
62
vulnerability VCID-jxr2-qjbz-17ha
63
vulnerability VCID-m756-fmwt-dfbf
64
vulnerability VCID-m9aa-5k15-dfap
65
vulnerability VCID-mapb-drtt-rbez
66
vulnerability VCID-mcrd-q5wz-d7dk
67
vulnerability VCID-mhz5-dnv5-6uas
68
vulnerability VCID-mwu6-2hxd-efc2
69
vulnerability VCID-n6h3-gsty-sua2
70
vulnerability VCID-p7w5-8ynh-xuh4
71
vulnerability VCID-paqt-sa9x-2qcm
72
vulnerability VCID-pnn8-zfvf-wqcf
73
vulnerability VCID-px53-r47y-tbds
74
vulnerability VCID-q7xb-xff7-77cf
75
vulnerability VCID-qbz4-eznm-e3hw
76
vulnerability VCID-qn3n-hpd2-7baf
77
vulnerability VCID-qv8v-b5t4-jqb9
78
vulnerability VCID-r34d-uefq-skam
79
vulnerability VCID-sbqb-c913-rqhb
80
vulnerability VCID-sccv-pzyk-cka7
81
vulnerability VCID-smn4-dvb2-u7hb
82
vulnerability VCID-t6ek-fzh4-mbdu
83
vulnerability VCID-tkcj-gar9-dbbh
84
vulnerability VCID-tpk1-5fw2-pfgc
85
vulnerability VCID-trf7-n9zr-bubx
86
vulnerability VCID-tzjt-fdqe-s7ct
87
vulnerability VCID-uaf3-v6zj-uuc3
88
vulnerability VCID-ud81-gjp6-s3ac
89
vulnerability VCID-ur7d-jx1z-kbet
90
vulnerability VCID-uukc-b952-zbgk
91
vulnerability VCID-uxdh-6r6k-h7fr
92
vulnerability VCID-v6d4-h4sz-4yad
93
vulnerability VCID-v9ts-sd7r-gff2
94
vulnerability VCID-w7q9-zspa-pfb7
95
vulnerability VCID-wdud-ckq4-wqfa
96
vulnerability VCID-wura-bb97-rbg7
97
vulnerability VCID-wzbf-bazj-4kgy
98
vulnerability VCID-x7pr-fcen-r7d5
99
vulnerability VCID-xa87-8qgt-t7az
100
vulnerability VCID-xfwh-3838-j7ct
101
vulnerability VCID-xgwg-8q8s-cbfk
102
vulnerability VCID-y92e-mb7u-sueg
103
vulnerability VCID-yah4-88g3-37ak
104
vulnerability VCID-ycet-r6tz-yyhn
105
vulnerability VCID-ypfe-fdqf-cfcn
106
vulnerability VCID-zbp5-8ec3-gfe4
107
vulnerability VCID-zth5-afz8-uya7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1
aliases CVE-2019-16318, GHSA-cxj7-4jpj-2q38
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z739-9aw2-83gp
109
url VCID-zbp5-8ec3-gfe4
vulnerability_id VCID-zbp5-8ec3-gfe4
summary Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2984
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00654
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2984
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/
url https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed
3
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v
4
reference_url https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/
url https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2984
reference_id CVE-2023-2984
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2984
6
reference_url https://github.com/advisories/GHSA-46g3-f9r8-xj4v
reference_id GHSA-46g3-f9r8-xj4v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46g3-f9r8-xj4v
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.22
purl pkg:composer/pimcore/pimcore@10.5.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.22
aliases CVE-2023-2984, GHSA-46g3-f9r8-xj4v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbp5-8ec3-gfe4
110
url VCID-zth5-afz8-uya7
vulnerability_id VCID-zth5-afz8-uya7
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2341
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04482
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2341
1
reference_url https://github.com/pimcore/pimcore
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore
2
reference_url https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/
url https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11
3
reference_url https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/
url https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2341
reference_id CVE-2023-2341
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2341
5
reference_url https://github.com/advisories/GHSA-fq95-rx4q-qgg2
reference_id GHSA-fq95-rx4q-qgg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq95-rx4q-qgg2
6
reference_url https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2
reference_id GHSA-fq95-rx4q-qgg2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2
fixed_packages
0
url pkg:composer/pimcore/pimcore@10.5.21
purl pkg:composer/pimcore/pimcore@10.5.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hqj-r197-dyfe
1
vulnerability VCID-68hd-e927-4kcu
2
vulnerability VCID-bb65-xxsn-m3gv
3
vulnerability VCID-cbx2-f95n-kqgd
4
vulnerability VCID-de3u-8wqt-uyc2
5
vulnerability VCID-dhdb-wakw-pufe
6
vulnerability VCID-f4vw-12f3-wfgb
7
vulnerability VCID-f5cg-bkw2-hqct
8
vulnerability VCID-hed9-c39j-87g2
9
vulnerability VCID-mcrd-q5wz-d7dk
10
vulnerability VCID-q7xb-xff7-77cf
11
vulnerability VCID-uaf3-v6zj-uuc3
12
vulnerability VCID-wzbf-bazj-4kgy
13
vulnerability VCID-xfwh-3838-j7ct
14
vulnerability VCID-xgwg-8q8s-cbfk
15
vulnerability VCID-zbp5-8ec3-gfe4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21
aliases CVE-2023-2341, GHSA-fq95-rx4q-qgg2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zth5-afz8-uya7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.6.1