Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/429673?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/429673?format=api", "purl": "pkg:composer/pimcore/pimcore@2.3.0", "type": "composer", "namespace": "pimcore", "name": "pimcore", "version": "2.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.3.4", "latest_non_vulnerable_version": "12.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175006?format=api", "vulnerability_id": "VCID-16vs-u1gr-g3ch", "summary": "If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01474", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01483", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01465", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01468", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3255" }, { "reference_url": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902", "reference_id": "0ea45cf9-b256-454c-9031-2435294c0902", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/" } ], "url": "https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b", "reference_id": "1e916e7d668c9e47b217e20cc0ea4812f466201b", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3255", "reference_id": "CVE-2022-3255", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3255" }, { "reference_url": "https://github.com/advisories/GHSA-wqr6-57qm-hhr5", "reference_id": "GHSA-wqr6-57qm-hhr5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wqr6-57qm-hhr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26993?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.7" } ], "aliases": [ "CVE-2022-3255", "GHSA-wqr6-57qm-hhr5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-16vs-u1gr-g3ch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208945?format=api", "vulnerability_id": "VCID-19kg-dggk-9bgb", "summary": "SQL Injection found in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.4637", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46225", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46368", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46382", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1429" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82" }, { "reference_url": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1429", "reference_id": "CVE-2022-1429", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1429" }, { "reference_url": "https://github.com/advisories/GHSA-2v7p-f4qm-r5pc", "reference_id": "GHSA-2v7p-f4qm-r5pc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2v7p-f4qm-r5pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20259?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.6" } ], "aliases": [ "CVE-2022-1429", "GHSA-2v7p-f4qm-r5pc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19kg-dggk-9bgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/341921?format=api", "vulnerability_id": "VCID-1e6u-83q7-kbcm", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11025", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11088", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11082", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1105", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37702" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/9992", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/9992" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37702", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37702" }, { "reference_url": "https://github.com/advisories/GHSA-pp2h-95hm-hv9r", "reference_id": "GHSA-pp2h-95hm-hv9r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp2h-95hm-hv9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382861?format=api", "purl": "pkg:composer/pimcore/pimcore@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1" } ], "aliases": [ "CVE-2021-37702", "GHSA-pp2h-95hm-hv9r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1e6u-83q7-kbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134129?format=api", "vulnerability_id": "VCID-1ghg-916g-5ycf", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03387", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03405", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03401", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0339", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28108" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch", "reference_id": "08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14633", "reference_id": "14633", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14633" }, { "reference_url": "https://github.com/advisories/GHSA-xc9p-r5qj-8xm9", "reference_id": "GHSA-xc9p-r5qj-8xm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc9p-r5qj-8xm9" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9", "reference_id": "GHSA-xc9p-r5qj-8xm9", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28108", "GHSA-xc9p-r5qj-8xm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ghg-916g-5ycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209939?format=api", "vulnerability_id": "VCID-1rf9-bjfm-cybk", "summary": "Pimcore Unserialize Remote Code Execution", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52728", "scoring_system": "epss", "scoring_elements": "0.98012", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.52728", "scoring_system": "epss", "scoring_elements": "0.98011", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.52728", "scoring_system": "epss", "scoring_elements": "0.98003", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10867" }, { "reference_url": "https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998" }, { "reference_url": "https://www.exploit-db.com/exploits/46783", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46783" }, { "reference_url": "https://www.exploit-db.com/exploits/46783/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46783/" }, { "reference_url": "http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb", "reference_id": "CVE-2019-10867", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10867", "reference_id": "CVE-2019-10867", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10867" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb", "reference_id": "CVE-2019-10867", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb" }, { "reference_url": "https://github.com/advisories/GHSA-7hqr-j26m-gmwp", "reference_id": "GHSA-7hqr-j26m-gmwp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7hqr-j26m-gmwp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21873?format=api", "purl": "pkg:composer/pimcore/pimcore@5.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1" } ], "aliases": [ "CVE-2019-10867", "GHSA-7hqr-j26m-gmwp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rf9-bjfm-cybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150898?format=api", "vulnerability_id": "VCID-2dhw-5ft3-4udh", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01366", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01352", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2615" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f", "reference_id": "7a799399e6843cd049e85da27ceb75b78505317f", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f" }, { "reference_url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a", "reference_id": "af9c360a-87f8-4e97-a24b-6db675ee942a", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/" } ], "url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a" }, { "reference_url": "https://github.com/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "GHSA-q7cc-m6jw-m262", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7cc-m6jw-m262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2615", "GHSA-q7cc-m6jw-m262" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dhw-5ft3-4udh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211484?format=api", "vulnerability_id": "VCID-2n5e-7xn6-4ubt", "summary": "RCE vulnerability in Pimcore/Mail & Dynamic Text Layout", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42861", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42691", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42872", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00205", "scoring_system": "epss", "scoring_elements": "0.42852", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39365" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/13347", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/13347" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/13347.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/13347.patch" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39365", "reference_id": "CVE-2022-39365", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39365" }, { "reference_url": "https://github.com/advisories/GHSA-5qxq-vgmm-q39m", "reference_id": "GHSA-5qxq-vgmm-q39m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5qxq-vgmm-q39m" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m", "reference_id": "GHSA-5qxq-vgmm-q39m", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27672?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.9" } ], "aliases": [ "CVE-2022-39365", "GHSA-5qxq-vgmm-q39m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2n5e-7xn6-4ubt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361016?format=api", "vulnerability_id": "VCID-35c5-mzwz-8bgw", "summary": "Withdrawn Advisory: Pimcore vulnerable to Cross-site Scripting\n## Withdrawn Advisory\nThis advisory has been withdrawn because the maintainers no longer consider this to be a security issue. This link is maintained to preserve external references.\n\n## Original Description\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd" }, { "reference_url": "https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1247" }, { "reference_url": "https://github.com/advisories/GHSA-8wg7-88cg-7p9j", "reference_id": "GHSA-8wg7-88cg-7p9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wg7-88cg-7p9j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31913?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-wvt7-h158-8kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0" } ], "aliases": [ "CVE-2023-1247", "GHSA-8wg7-88cg-7p9j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35c5-mzwz-8bgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313578?format=api", "vulnerability_id": "VCID-39gk-fakk-syek", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18985", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00656", "published_at": "2026-06-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00655", "published_at": "2026-06-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0066", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18985" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d" }, { "reference_url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18985", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18985" }, { "reference_url": "https://github.com/advisories/GHSA-hf62-5vxh-jpwj", "reference_id": "GHSA-hf62-5vxh-jpwj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hf62-5vxh-jpwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385331?format=api", "purl": "pkg:composer/pimcore/pimcore@6.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3faz-tfm7-mfag" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2" } ], "aliases": [ "CVE-2019-18985", "GHSA-hf62-5vxh-jpwj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39gk-fakk-syek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313579?format=api", "vulnerability_id": "VCID-3axp-csny-ryd8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18986", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00778", "published_at": "2026-06-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00775", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0078", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18986" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185" }, { "reference_url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18986", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18986" }, { "reference_url": "https://github.com/advisories/GHSA-8889-9g3f-73rj", "reference_id": "GHSA-8889-9g3f-73rj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8889-9g3f-73rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385331?format=api", "purl": "pkg:composer/pimcore/pimcore@6.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3faz-tfm7-mfag" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2" } ], "aliases": [ "CVE-2019-18986", "GHSA-8889-9g3f-73rj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3axp-csny-ryd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150893?format=api", "vulnerability_id": "VCID-3b57-hrf9-z3e2", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04355", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04356", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04365", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2341" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11", "reference_id": "66f1089fb1b9bcd575bfce9b1d4abb0f0499df11", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11" }, { "reference_url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d", "reference_id": "cf3901ac-a649-478f-ab08-094ef759c11d", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/" } ], "url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d" }, { "reference_url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "GHSA-fq95-rx4q-qgg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2341", "GHSA-fq95-rx4q-qgg2" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b57-hrf9-z3e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150942?format=api", "vulnerability_id": "VCID-3hs9-ywbk-rbdy", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02092", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02086", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02084", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02081", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2342" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342" }, { "reference_url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829", "reference_id": "01cd3ed5-dce8-4021-9de0-81cb14bf1829", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/" } ], "url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564", "reference_id": "42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564" }, { "reference_url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "GHSA-2c67-p4xh-m34w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2342", "GHSA-2c67-p4xh-m34w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hs9-ywbk-rbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/326420?format=api", "vulnerability_id": "VCID-3kex-5jub-5ff8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26246", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00288", "published_at": "2026-06-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00287", "published_at": "2026-06-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00289", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26246" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26246", "reference_id": "CVE-2020-26246", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/485875?format=api", "purl": "pkg:composer/pimcore/pimcore@6.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.5" } ], "aliases": [ "CVE-2020-26246", "GHSA-7p8p-4253-3mg6" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kex-5jub-5ff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361007?format=api", "vulnerability_id": "VCID-3q4h-tcnp-7qa1", "summary": "Reflected XSS in Application Logger module\n### Impact\nThis vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.\n\n### Patches\nUpdate to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/14606.patch manually.\n\n### References\nhttps://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/pull/14606", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14606" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14606.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14606.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc" }, { "reference_url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312" }, { "reference_url": "https://github.com/advisories/GHSA-2xpm-cmvw-3jcc", "reference_id": "GHSA-2xpm-cmvw-3jcc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xpm-cmvw-3jcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "GHSA-2xpm-cmvw-3jcc", "GMS-2023-779" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q4h-tcnp-7qa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208504?format=api", "vulnerability_id": "VCID-3xuv-b8w7-d7hf", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.106", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10542", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10577", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10602", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0704" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11447" }, { "reference_url": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0704", "reference_id": "CVE-2022-0704", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0704" }, { "reference_url": "https://github.com/advisories/GHSA-pc32-x737-74cv", "reference_id": "GHSA-pc32-x737-74cv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc32-x737-74cv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-0704", "GHSA-pc32-x737-74cv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xuv-b8w7-d7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/335434?format=api", "vulnerability_id": "VCID-42kn-ucws-muhu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08218", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08254", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08251", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0825", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23405" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/9572", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/9572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23405", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23405" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297" }, { "reference_url": "https://github.com/advisories/GHSA-g8jx-66p8-vcm2", "reference_id": "GHSA-g8jx-66p8-vcm2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8jx-66p8-vcm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383148?format=api", "purl": "pkg:composer/pimcore/pimcore@10.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.0.7" } ], "aliases": [ "CVE-2021-23405", "GHSA-g8jx-66p8-vcm2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42kn-ucws-muhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151835?format=api", "vulnerability_id": "VCID-4ar7-yac3-fkf7", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00386", "published_at": "2026-06-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0039", "published_at": "2026-06-14T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00383", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00382", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3821" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3821" }, { "reference_url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa", "reference_id": "599ba4f6-c900-4161-9127-f1e6a6e29aaa", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/" } ], "url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c", "reference_id": "92811f07d39e4ad95c92003868f5f7309489d79c", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c" }, { "reference_url": "https://github.com/advisories/GHSA-78q2-cv3p-x9fm", "reference_id": "GHSA-78q2-cv3p-x9fm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78q2-cv3p-x9fm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381342?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3821", "GHSA-78q2-cv3p-x9fm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ar7-yac3-fkf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129775?format=api", "vulnerability_id": "VCID-4jxn-m7de-5yay", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20426", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20403", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20229", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14952", "reference_id": "14952", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14952" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch", "reference_id": "7e32cc28145274ddfc30fb791012d26c1278bd38.patch", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch" }, { "reference_url": "https://github.com/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwg4-qcgv-5wg6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30850", "GHSA-jwg4-qcgv-5wg6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4jxn-m7de-5yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129851?format=api", "vulnerability_id": "VCID-4n7p-vgv2-2qc3", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the \"scriptPath\" parameter and the file name in the \"scripts\" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01137", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01145", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01136", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01142", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30852" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14959", "reference_id": "14959", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14959" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch", "reference_id": "498cadec2292f7842fb10612068ac78496e884b4.patch", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch" }, { "reference_url": "https://github.com/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5c3-r84f-9596" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30852", "GHSA-j5c3-r84f-9596" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n7p-vgv2-2qc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150644?format=api", "vulnerability_id": "VCID-4tqk-ragu-h7ce", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01352", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01366", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2614" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614" }, { "reference_url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6", "reference_id": "1a5e6c65-2c5e-4617-9411-5b47a7e743a6", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/" } ], "url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7", "reference_id": "c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7" }, { "reference_url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "GHSA-m6m9-gr85-79vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2614", "GHSA-m6m9-gr85-79vm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tqk-ragu-h7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208263?format=api", "vulnerability_id": "VCID-5ds5-2ey4-u7gm", "summary": "Path traversal in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06734", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06714", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06706", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06723", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0665" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e" }, { "reference_url": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0665", "reference_id": "CVE-2022-0665", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0665" }, { "reference_url": "https://github.com/advisories/GHSA-gjq4-69wj-p6pr", "reference_id": "GHSA-gjq4-69wj-p6pr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjq4-69wj-p6pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19488?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.2" } ], "aliases": [ "CVE-2022-0665", "GHSA-gjq4-69wj-p6pr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ds5-2ey4-u7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133954?format=api", "vulnerability_id": "VCID-6286-wv98-9uht", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08012", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0804", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08047", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08043", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28438" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28438", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28438" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14526", "reference_id": "14526", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14526" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch", "reference_id": "d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch" }, { "reference_url": "https://github.com/advisories/GHSA-vf7q-g2pv-jxvx", "reference_id": "GHSA-vf7q-g2pv-jxvx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vf7q-g2pv-jxvx" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx", "reference_id": "GHSA-vf7q-g2pv-jxvx", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28438", "GHSA-vf7q-g2pv-jxvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6286-wv98-9uht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211338?format=api", "vulnerability_id": "VCID-6etn-5u58-sqgg", "summary": "Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05799", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05775", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0578", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0579", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3211" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/13129", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/13129" }, { "reference_url": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3211", "reference_id": "CVE-2022-3211", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3211" }, { "reference_url": "https://github.com/advisories/GHSA-4849-x3jx-45qr", "reference_id": "GHSA-4849-x3jx-45qr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4849-x3jx-45qr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26293?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.6" } ], "aliases": [ "CVE-2022-3211", "GHSA-4849-x3jx-45qr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6etn-5u58-sqgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150999?format=api", "vulnerability_id": "VCID-6fw4-9qqw-bqen", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2343", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01025", "published_at": "2026-06-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01015", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01022", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01017", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2343" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343" }, { "reference_url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2", "reference_id": "2fa17227-a717-4b66-ab5a-16bffbb4edb2", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/" } ], "url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e", "reference_id": "f1d904094700b513c4756904fa2b1e19d08d890e", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e" }, { "reference_url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "GHSA-9q7q-r54q-3f3g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2343", "GHSA-9q7q-r54q-3f3g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fw4-9qqw-bqen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147532?format=api", "vulnerability_id": "VCID-6uw7-89nn-tkg3", "summary": "Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7657", "scoring_system": "epss", "scoring_elements": "0.98967", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.7657", "scoring_system": "epss", "scoring_elements": "0.98971", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.7657", "scoring_system": "epss", "scoring_elements": "0.9897", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47637" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47637", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47637" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0", "reference_id": "d164d99c90f098d0ccd6b72929c48b727e2953a0", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0" }, { "reference_url": "https://github.com/advisories/GHSA-72hh-xf79-429p", "reference_id": "GHSA-72hh-xf79-429p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72hh-xf79-429p" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p", "reference_id": "GHSA-72hh-xf79-429p", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p" }, { "reference_url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311", "reference_id": "GridHelperService.php#L311", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381281?format=api", "purl": "pkg:composer/pimcore/pimcore@11.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2b8z-rbsm-1fbp" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-wvt7-h158-8kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.1" } ], "aliases": [ "CVE-2023-47637", "GHSA-72hh-xf79-429p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uw7-89nn-tkg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208482?format=api", "vulnerability_id": "VCID-6z66-zt5u-ybbc", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04225", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04213", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04216", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0893" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11447" }, { "reference_url": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0893", "reference_id": "CVE-2022-0893", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0893" }, { "reference_url": "https://github.com/advisories/GHSA-g795-4hxx-qqwm", "reference_id": "GHSA-g795-4hxx-qqwm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g795-4hxx-qqwm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-0893", "GHSA-g795-4hxx-qqwm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6z66-zt5u-ybbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151138?format=api", "vulnerability_id": "VCID-7191-wmtq-7fdg", "summary": "Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01587", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01601", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0159", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01593", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2336" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4", "reference_id": "498cadec2292f7842fb10612068ac78496e884b4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4" }, { "reference_url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14", "reference_id": "af764624-7746-4f53-8480-85348dbb4f14", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/" } ], "url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14" }, { "reference_url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "GHSA-hg77-vx9v-f49x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2336", "GHSA-hg77-vx9v-f49x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7191-wmtq-7fdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360976?format=api", "vulnerability_id": "VCID-79ph-2nu8-4bhf", "summary": "Cross Site Scripting (XSS) in Model\\DataObject\\Data\\UrlSlug\n### Impact\nAn attacker can use XSS to send a malicious script to an unsuspecting user.\n\n### Patches\nUpdate to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/14301.patch manually.\n\n### References\nhttps://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-h46w-463r", "reference_id": "GHSA-76r7-h46w-463r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76r7-h46w-463r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380533?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "GHSA-76r7-h46w-463r", "GMS-2023-363" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79ph-2nu8-4bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173191?format=api", "vulnerability_id": "VCID-7kzv-g2ns-e7gr", "summary": "Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17093", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17066", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.17081", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16924", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0565" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245", "reference_id": "7697f709a501860144352696e583a2533a6e1245", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245" }, { "reference_url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5", "reference_id": "b0b29656-4bbe-41cf-92f6-8579df0b6de5", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/" } ], "url": "https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0565", "reference_id": "CVE-2022-0565", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0565" }, { "reference_url": "https://github.com/advisories/GHSA-h9vc-2p9g-63gp", "reference_id": "GHSA-h9vc-2p9g-63gp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h9vc-2p9g-63gp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" } ], "aliases": [ "CVE-2022-0565", "GHSA-h9vc-2p9g-63gp" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kzv-g2ns-e7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/312542?format=api", "vulnerability_id": "VCID-7r3k-vnfw-vqe3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01499", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01502", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01506", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01516", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16317" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16317", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16317" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599" }, { "reference_url": "https://github.com/advisories/GHSA-352x-hc2f-fwff", "reference_id": "GHSA-352x-hc2f-fwff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-352x-hc2f-fwff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21873?format=api", "purl": "pkg:composer/pimcore/pimcore@5.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1" } ], "aliases": [ "CVE-2019-16317", "GHSA-352x-hc2f-fwff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7r3k-vnfw-vqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144547?format=api", "vulnerability_id": "VCID-7rvk-x76k-rkex", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03926", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03918", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03937", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1515" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14562", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14562" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14562.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14562.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q" }, { "reference_url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1515", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1515" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964", "reference_id": "44c6b37aa649a0e3105fa41f3d74a3e511acf964", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964" }, { "reference_url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282", "reference_id": "ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/" } ], "url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282" }, { "reference_url": "https://github.com/advisories/GHSA-66cm-c7ch-5j8q", "reference_id": "GHSA-66cm-c7ch-5j8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66cm-c7ch-5j8q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1515", "GHSA-66cm-c7ch-5j8q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rvk-x76k-rkex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144590?format=api", "vulnerability_id": "VCID-843n-ga86-syg7", "summary": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88093", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88097", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88053", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88099", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1578" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14538", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14538" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj" }, { "reference_url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1578", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1578" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2", "reference_id": "367b74488808d71ec3f66f4ca9e8df5217c2c8d2", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2" }, { "reference_url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e", "reference_id": "7e441a14-8e55-4ab4-932c-4dc56bb1bc2e", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/" } ], "url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e" }, { "reference_url": "https://github.com/advisories/GHSA-42c3-wvww-gcqj", "reference_id": "GHSA-42c3-wvww-gcqj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-42c3-wvww-gcqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1578", "GHSA-42c3-wvww-gcqj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-843n-ga86-syg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208808?format=api", "vulnerability_id": "VCID-8caz-76fk-x7er", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07461", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07426", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07445", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07454", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1351" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac" }, { "reference_url": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1351", "reference_id": "CVE-2022-1351", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1351" }, { "reference_url": "https://github.com/advisories/GHSA-xcr3-4qvr-54rh", "reference_id": "GHSA-xcr3-4qvr-54rh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xcr3-4qvr-54rh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-1351", "GHSA-xcr3-4qvr-54rh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8caz-76fk-x7er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129742?format=api", "vulnerability_id": "VCID-8d6u-y4zg-7bbq", "summary": "Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30855", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00436", "published_at": "2026-06-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00443", "published_at": "2026-06-14T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00435", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00434", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30855" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30855", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30855" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14498", "reference_id": "14498", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14498" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch", "reference_id": "f1d904094700b513c4756904fa2b1e19d08d890e.patch", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch" }, { "reference_url": "https://github.com/advisories/GHSA-g2mc-fqqc-hxg3", "reference_id": "GHSA-g2mc-fqqc-hxg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2mc-fqqc-hxg3" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3", "reference_id": "GHSA-g2mc-fqqc-hxg3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380974?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" } ], "aliases": [ "CVE-2023-30855", "GHSA-g2mc-fqqc-hxg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d6u-y4zg-7bbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150910?format=api", "vulnerability_id": "VCID-8jqk-yf3u-a3gn", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01593", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01581", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01584", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01578", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2361" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361" }, { "reference_url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7", "reference_id": "24d91b83-c3df-48f5-a713-9def733f2de7", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/" } ], "url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a", "reference_id": "6970649f5d3790a1db9ef4324bece0d4cb95366a", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a" }, { "reference_url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "GHSA-9xg6-75mh-7x3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2361", "GHSA-9xg6-75mh-7x3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jqk-yf3u-a3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150986?format=api", "vulnerability_id": "VCID-9d5s-3c9u-c7gg", "summary": "Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00519", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00509", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00512", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2983" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2983" }, { "reference_url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1", "reference_id": "6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/" } ], "url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a", "reference_id": "c8f37b19c99cd82e4e558857d3e4d5476ea7228a", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a" }, { "reference_url": "https://github.com/advisories/GHSA-m4mv-rmr7-h5f5", "reference_id": "GHSA-m4mv-rmr7-h5f5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4mv-rmr7-h5f5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381817?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.23" } ], "aliases": [ "CVE-2023-2983", "GHSA-m4mv-rmr7-h5f5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d5s-3c9u-c7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167433?format=api", "vulnerability_id": "VCID-9fwv-b6y6-cqe7", "summary": "Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apple the patch manually. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07883", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07877", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07889", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07853", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31092" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/12444", "reference_id": "12444", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/12444" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549", "reference_id": "21559c6bf0e4e828d33ff7af6e88caecb5ac6549", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31092", "reference_id": "CVE-2022-31092", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31092" }, { "reference_url": "https://github.com/advisories/GHSA-gvmf-wcx6-p974", "reference_id": "GHSA-gvmf-wcx6-p974", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvmf-wcx6-p974" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-gvmf-wcx6-p974", "reference_id": "GHSA-gvmf-wcx6-p974", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-gvmf-wcx6-p974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24910?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.4" } ], "aliases": [ "CVE-2022-31092", "GHSA-gvmf-wcx6-p974", "GMS-2022-2534" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fwv-b6y6-cqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144615?format=api", "vulnerability_id": "VCID-a9r6-chrk-9ffe", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03478", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03493", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03474", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03488", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1517" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14631", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14631" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14631.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14631.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj" }, { "reference_url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1517", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1517" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7", "reference_id": "3a22700dacd8a439cffcb208838a4199e732cff7", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7" }, { "reference_url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d", "reference_id": "82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/" } ], "url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d" }, { "reference_url": "https://github.com/advisories/GHSA-42x8-2v53-pqmj", "reference_id": "GHSA-42x8-2v53-pqmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-42x8-2v53-pqmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1517", "GHSA-42x8-2v53-pqmj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9r6-chrk-9ffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133404?format=api", "vulnerability_id": "VCID-afta-wcuy-4kah", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5873", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00147", "published_at": "2026-06-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00146", "published_at": "2026-06-14T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00148", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5873" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5873", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5873" }, { "reference_url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce", "reference_id": "701cfc30-22a1-4c4b-9b2f-885c77c290ce", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/" } ], "url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c", "reference_id": "757375677dc83a44c6c22f26d97452cc5cda5d7c", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c" }, { "reference_url": "https://github.com/advisories/GHSA-j59v-hh4p-q92m", "reference_id": "GHSA-j59v-hh4p-q92m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j59v-hh4p-q92m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379098?format=api", "purl": "pkg:composer/pimcore/pimcore@11.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-wvt7-h158-8kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.0" } ], "aliases": [ "CVE-2023-5873", "GHSA-j59v-hh4p-q92m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afta-wcuy-4kah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208361?format=api", "vulnerability_id": "VCID-akv1-wzyh-fydj", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35724", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35544", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35727", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35743", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0831" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf" }, { "reference_url": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0831", "reference_id": "CVE-2022-0831", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0831" }, { "reference_url": "https://github.com/advisories/GHSA-q67f-3jq4-mww2", "reference_id": "GHSA-q67f-3jq4-mww2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q67f-3jq4-mww2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19604?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3" } ], "aliases": [ "CVE-2022-0831", "GHSA-q67f-3jq4-mww2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akv1-wzyh-fydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208369?format=api", "vulnerability_id": "VCID-amnn-gf11-7yc2", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43441", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43285", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43452", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43461", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0832" }, { "reference_url": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0832", "reference_id": "CVE-2022-0832", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0832" }, { "reference_url": "https://github.com/advisories/GHSA-6qcc-whgp-pjj2", "reference_id": "GHSA-6qcc-whgp-pjj2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qcc-whgp-pjj2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19604?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3" } ], "aliases": [ "CVE-2022-0832", "GHSA-6qcc-whgp-pjj2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amnn-gf11-7yc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144885?format=api", "vulnerability_id": "VCID-b4ba-atzn-wkay", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04568", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1429" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1429", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1429" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5", "reference_id": "7588c336edb24050656111b89d69e69cc9feb5f5", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5" }, { "reference_url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f", "reference_id": "e0829fea-e458-47b8-84a3-a74476d9638f", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/" } ], "url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f" }, { "reference_url": "https://github.com/advisories/GHSA-3223-w774-99fq", "reference_id": "GHSA-3223-w774-99fq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3223-w774-99fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1429", "GHSA-3223-w774-99fq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4ba-atzn-wkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208506?format=api", "vulnerability_id": "VCID-bed6-u2ht-dqgs", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04225", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04213", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04216", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0911" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11447" }, { "reference_url": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0911", "reference_id": "CVE-2022-0911", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0911" }, { "reference_url": "https://github.com/advisories/GHSA-j29f-m23h-3p8p", "reference_id": "GHSA-j29f-m23h-3p8p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j29f-m23h-3p8p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-0911", "GHSA-j29f-m23h-3p8p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bed6-u2ht-dqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208486?format=api", "vulnerability_id": "VCID-c1pt-5z3d-wffr", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01645", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01641", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01655", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01648", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0894" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11447" }, { "reference_url": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0894", "reference_id": "CVE-2022-0894", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0894" }, { "reference_url": "https://github.com/advisories/GHSA-22hc-47cc-7x6f", "reference_id": "GHSA-22hc-47cc-7x6f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22hc-47cc-7x6f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-0894", "GHSA-22hc-47cc-7x6f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1pt-5z3d-wffr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66834?format=api", "vulnerability_id": "VCID-cbz2-sxrt-rffn", "summary": "Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23493", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "1e-05", "published_at": "2026-06-14T12:55:00Z" }, { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "5e-05", "published_at": "2026-06-12T12:55:00Z" }, { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "2e-05", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23493" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601", "reference_id": "002ec7d5f84973819236796e5b314703b58e8601", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18918", "reference_id": "18918", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18918" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23493", "reference_id": "CVE-2026-23493", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23493" }, { "reference_url": "https://github.com/advisories/GHSA-q433-j342-rp9h", "reference_id": "GHSA-q433-j342-rp9h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q433-j342-rp9h" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h", "reference_id": "GHSA-q433-j342-rp9h", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14", "reference_id": "v11.5.14", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1", "reference_id": "v12.3.1", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37759?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/37762?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23493", "GHSA-q433-j342-rp9h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbz2-sxrt-rffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207517?format=api", "vulnerability_id": "VCID-cgxg-fxyp-dfd8", "summary": "pimcore is vulnerable to SQL Injection", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09824", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09775", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09812", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09825", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0258" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd" }, { "reference_url": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0258", "reference_id": "CVE-2022-0258", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0258" }, { "reference_url": "https://github.com/advisories/GHSA-vj9x-w7ch-f46p", "reference_id": "GHSA-vj9x-w7ch-f46p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vj9x-w7ch-f46p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392106?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2022-0258", "GHSA-vj9x-w7ch-f46p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgxg-fxyp-dfd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206976?format=api", "vulnerability_id": "VCID-cr87-arup-w3gs", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07589", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07553", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07576", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07585", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4084" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065" }, { "reference_url": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4084", "reference_id": "CVE-2021-4084", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4084" }, { "reference_url": "https://github.com/advisories/GHSA-8w3x-r6x7-c5r5", "reference_id": "GHSA-8w3x-r6x7-c5r5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w3x-r6x7-c5r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18368?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6" } ], "aliases": [ "CVE-2021-4084", "GHSA-8w3x-r6x7-c5r5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr87-arup-w3gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207543?format=api", "vulnerability_id": "VCID-d73k-kkeb-n3b5", "summary": "Business Logic Errors in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01084", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01087", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01093", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01091", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4146" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6" }, { "reference_url": "https://github.com/pimcore/pimcore/issues/11024", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/issues/11024" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11206", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11206" }, { "reference_url": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4146", "reference_id": "CVE-2021-4146", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4146" }, { "reference_url": "https://github.com/advisories/GHSA-54hw-mhgh-x4vc", "reference_id": "GHSA-54hw-mhgh-x4vc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-54hw-mhgh-x4vc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18368?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2021-4146", "GHSA-54hw-mhgh-x4vc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d73k-kkeb-n3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206975?format=api", "vulnerability_id": "VCID-d8pe-27pm-xbfy", "summary": "pimcore is vulnerable to Cross-Site Request Forgery (CSRF)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4082", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00479", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00482", "published_at": "2026-06-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00491", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4082" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28" }, { "reference_url": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4082", "reference_id": "CVE-2021-4082", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4082" }, { "reference_url": "https://github.com/advisories/GHSA-2v2v-fx7r-f2fh", "reference_id": "GHSA-2v2v-fx7r-f2fh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2v2v-fx7r-f2fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18368?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6" } ], "aliases": [ "CVE-2021-4082", "GHSA-2v2v-fx7r-f2fh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8pe-27pm-xbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/355933?format=api", "vulnerability_id": "VCID-e793-c5wh-yuaf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01545", "published_at": "2026-06-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00672", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00667", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30848" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14972" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848" }, { "reference_url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30848", "GHSA-6mhm-gcpf-5gr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e793-c5wh-yuaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80063?format=api", "vulnerability_id": "VCID-em5a-b39y-6qgc", "summary": "Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Exploiting this issue requires admin authentication. An attacker with admin panel access can extract the full database including password hashes of other admin users. Version 12.3.3 contains a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02341", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02334", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0234", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02342", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27461" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18991", "reference_id": "18991", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18991" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4", "reference_id": "1c3925fbec4895abeb21e5c244a83679c4e4a6f4", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27461", "reference_id": "CVE-2026-27461", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27461" }, { "reference_url": "https://github.com/advisories/GHSA-vxg3-v4p6-f3fp", "reference_id": "GHSA-vxg3-v4p6-f3fp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxg3-v4p6-f3fp" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp", "reference_id": "GHSA-vxg3-v4p6-f3fp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3", "reference_id": "v12.3.3", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37761?format=api", "purl": "pkg:composer/pimcore/pimcore@12.0.0-RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.0.0-RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/39772?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-reqw-yyg8-wugv" }, { "vulnerability": "VCID-xjuf-ar4q-uyfz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.3" } ], "aliases": [ "CVE-2026-27461", "GHSA-vxg3-v4p6-f3fp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-em5a-b39y-6qgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207045?format=api", "vulnerability_id": "VCID-eqbu-bpgy-1yd3", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08309", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08269", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08306", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08307", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4139" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245" }, { "reference_url": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4139", "reference_id": "CVE-2021-4139", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4139" }, { "reference_url": "https://github.com/advisories/GHSA-8xx9-rxrj-2m2w", "reference_id": "GHSA-8xx9-rxrj-2m2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xx9-rxrj-2m2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18419?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7" } ], "aliases": [ "CVE-2021-4139", "GHSA-8xx9-rxrj-2m2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqbu-bpgy-1yd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207477?format=api", "vulnerability_id": "VCID-f189-dkah-2ke1", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13975", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13859", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13946", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13972", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0262" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7" }, { "reference_url": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0262", "reference_id": "CVE-2022-0262", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0262" }, { "reference_url": "https://github.com/advisories/GHSA-4f5x-q4jc-xfcf", "reference_id": "GHSA-4f5x-q4jc-xfcf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f5x-q4jc-xfcf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18419?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7" } ], "aliases": [ "CVE-2022-0262", "GHSA-4f5x-q4jc-xfcf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f189-dkah-2ke1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134098?format=api", "vulnerability_id": "VCID-fcm6-y2yu-2uca", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21598", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21771", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21798", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21785", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28106" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28106", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28106" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14669.patch", "reference_id": "14669.patch", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14669.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2", "reference_id": "c59d0bf1d03a5037b586fe06230694fa3818dbf2", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2" }, { "reference_url": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a", "reference_id": "fa77d780-9b23-404b-8c44-12108881d11a", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a" }, { "reference_url": "https://github.com/advisories/GHSA-x5j3-mq9g-8jc8", "reference_id": "GHSA-x5j3-mq9g-8jc8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5j3-mq9g-8jc8" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8", "reference_id": "GHSA-x5j3-mq9g-8jc8", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28106", "GHSA-x5j3-mq9g-8jc8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcm6-y2yu-2uca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207708?format=api", "vulnerability_id": "VCID-gf98-8eeb-afc5", "summary": "Cross-site Scripting pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0510", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12856", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1276", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12847", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12865", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0510" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce" }, { "reference_url": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0510", "reference_id": "CVE-2022-0510", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0510" }, { "reference_url": "https://github.com/advisories/GHSA-mxh3-2699-98g9", "reference_id": "GHSA-mxh3-2699-98g9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxh3-2699-98g9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" } ], "aliases": [ "CVE-2022-0510", "GHSA-mxh3-2699-98g9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gf98-8eeb-afc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66674?format=api", "vulnerability_id": "VCID-ha34-7pm3-pqgm", "summary": "Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to database information disclosure. This vulnerability is fixed in 12.3.1 and 11.5.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23492", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00141", "published_at": "2026-06-14T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0015", "published_at": "2026-06-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00243", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23492" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3", "reference_id": "25ad8674886f2b938243cbe13e33e204a2e35cc3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23492", "reference_id": "CVE-2026-23492", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23492" }, { "reference_url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8" }, { "reference_url": "https://github.com/advisories/GHSA-qvr7-7g55-69xj", "reference_id": "GHSA-qvr7-7g55-69xj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvr7-7g55-69xj" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj", "reference_id": "GHSA-qvr7-7g55-69xj", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37759?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/37762?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23492", "GHSA-qvr7-7g55-69xj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha34-7pm3-pqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207515?format=api", "vulnerability_id": "VCID-ha9j-gnw7-rucq", "summary": "pimcore is vulnerable to Cross-site Scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01693", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01707", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01699", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0256" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7" }, { "reference_url": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0256", "reference_id": "CVE-2022-0256", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0256" }, { "reference_url": "https://github.com/advisories/GHSA-57hg-26h7-9qgv", "reference_id": "GHSA-57hg-26h7-9qgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57hg-26h7-9qgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392106?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2022-0256", "GHSA-57hg-26h7-9qgv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha9j-gnw7-rucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148504?format=api", "vulnerability_id": "VCID-hdnj-vcx7-e7cw", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0323", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00211", "published_at": "2026-06-14T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00212", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0323" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/13916.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/13916.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0323", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0323" }, { "reference_url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343", "reference_id": "129d6a4b-0504-4de1-a72c-3f12c4552343", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/" } ], "url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04", "reference_id": "746fac1a342841624f63ab13edcd340358e1bc04", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04" }, { "reference_url": "https://github.com/advisories/GHSA-6vf6-g3pr-j83h", "reference_id": "GHSA-6vf6-g3pr-j83h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vf6-g3pr-j83h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380097?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.14" } ], "aliases": [ "CVE-2023-0323", "GHSA-6vf6-g3pr-j83h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hdnj-vcx7-e7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131740?format=api", "vulnerability_id": "VCID-hjs3-9b5k-e7c4", "summary": "Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.\nThe impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38708", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00208", "published_at": "2026-06-11T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00205", "published_at": "2026-06-14T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00206", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38708" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38708", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38708" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c", "reference_id": "58012d0e3b8b926fb54eccbd64ec5c993b30c22c", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c" }, { "reference_url": "https://github.com/advisories/GHSA-34hj-v8fm-x887", "reference_id": "GHSA-34hj-v8fm-x887", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34hj-v8fm-x887" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887", "reference_id": "GHSA-34hj-v8fm-x887", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380629?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.7" } ], "aliases": [ "CVE-2023-38708", "GHSA-34hj-v8fm-x887" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjs3-9b5k-e7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342544?format=api", "vulnerability_id": "VCID-hmq1-yjsd-5fah", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07988", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08024", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0802", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08017", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39170" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10178", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10178" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10178.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10178.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10206", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10206" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f" }, { "reference_url": "https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501" }, { "reference_url": "https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501/" }, { "reference_url": "https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2" }, { "reference_url": "https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39170", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39170" }, { "reference_url": "https://github.com/advisories/GHSA-2v88-qq7x-xq5f", "reference_id": "GHSA-2v88-qq7x-xq5f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2v88-qq7x-xq5f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382544?format=api", "purl": "pkg:composer/pimcore/pimcore@10.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2" } ], "aliases": [ "CVE-2021-39170", "GHSA-2v88-qq7x-xq5f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmq1-yjsd-5fah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150679?format=api", "vulnerability_id": "VCID-hsfu-wneb-1kb3", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01282", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01271", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01278", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01276", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2630" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_id": "7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38" }, { "reference_url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e", "reference_id": "e1001870-b8d8-4921-8b9c-bbdfb1a1491e", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/" } ], "url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e" }, { "reference_url": "https://github.com/advisories/GHSA-w766-3572-f2hv", "reference_id": "GHSA-w766-3572-f2hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w766-3572-f2hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2630", "GHSA-w766-3572-f2hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsfu-wneb-1kb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207430?format=api", "vulnerability_id": "VCID-hzjc-d8zw-5bbf", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14667", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14548", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1464", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14666", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0285" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835" }, { "reference_url": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0285", "reference_id": "CVE-2022-0285", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0285" }, { "reference_url": "https://github.com/advisories/GHSA-pm3v-qxf6-fgxv", "reference_id": "GHSA-pm3v-qxf6-fgxv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm3v-qxf6-fgxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2022-0285", "GHSA-pm3v-qxf6-fgxv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzjc-d8zw-5bbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151531?format=api", "vulnerability_id": "VCID-j76y-vhb3-4kc8", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3819", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.0006", "published_at": "2026-06-14T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00059", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3819" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3819", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3819" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54", "reference_id": "0237527b3244d251fa5ecd4912dfe4f8b2125c54", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54" }, { "reference_url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c", "reference_id": "be5e4d4c-1b0b-4c01-a1fc-00533135817c", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/" } ], "url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c" }, { "reference_url": "https://github.com/advisories/GHSA-r87r-982q-2c3q", "reference_id": "GHSA-r87r-982q-2c3q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r87r-982q-2c3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381342?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3819", "GHSA-r87r-982q-2c3q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j76y-vhb3-4kc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/312543?format=api", "vulnerability_id": "VCID-jt8j-hy8f-p7hk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16318", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00825", "published_at": "2026-06-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00821", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00829", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16318" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16318", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16318" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598" }, { "reference_url": "https://github.com/advisories/GHSA-cxj7-4jpj-2q38", "reference_id": "GHSA-cxj7-4jpj-2q38", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cxj7-4jpj-2q38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21873?format=api", "purl": "pkg:composer/pimcore/pimcore@5.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1" } ], "aliases": [ "CVE-2019-16318", "GHSA-cxj7-4jpj-2q38" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt8j-hy8f-p7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208800?format=api", "vulnerability_id": "VCID-k9su-rd5b-ubg9", "summary": "SQL Injection in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15854", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15714", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15831", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15863", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1339" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c" }, { "reference_url": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1339", "reference_id": "CVE-2022-1339", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1339" }, { "reference_url": "https://github.com/advisories/GHSA-mj2c-5mjv-gmmj", "reference_id": "GHSA-mj2c-5mjv-gmmj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mj2c-5mjv-gmmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20075?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5" } ], "aliases": [ "CVE-2022-1339", "GHSA-mj2c-5mjv-gmmj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k9su-rd5b-ubg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150805?format=api", "vulnerability_id": "VCID-kq1j-jfjz-7yb2", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2339", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00531", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0052", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00523", "published_at": "2026-06-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00524", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2339" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480", "reference_id": "6946f8a5a0a93b516c49f17a5b45044eebd73480", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480" }, { "reference_url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2", "reference_id": "bb1537a5-fe7b-4c77-a582-10a82435fbc2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/" } ], "url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2" }, { "reference_url": "https://github.com/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "GHSA-6fvf-x8c6-2f6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fvf-x8c6-2f6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2339", "GHSA-6fvf-x8c6-2f6j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq1j-jfjz-7yb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207518?format=api", "vulnerability_id": "VCID-mhbd-nf8m-vfgf", "summary": "pimcore is vulnerable to Cross-site Scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05794", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05797", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05807", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0257" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d" }, { "reference_url": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0257", "reference_id": "CVE-2022-0257", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0257" }, { "reference_url": "https://github.com/advisories/GHSA-v567-q267-phpg", "reference_id": "GHSA-v567-q267-phpg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v567-q267-phpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392106?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2022-0257", "GHSA-v567-q267-phpg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhbd-nf8m-vfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151128?format=api", "vulnerability_id": "VCID-mmg6-qgw8-uffr", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04568", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2327" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327" }, { "reference_url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6", "reference_id": "7336b71f-a36f-4ce7-a26d-c8335ac713d6", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/" } ], "url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f", "reference_id": "fb3056a21d439135480ee299bf1ab646867b5f4f", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f" }, { "reference_url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "GHSA-x9xj-pqmv-8jf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2327", "GHSA-x9xj-pqmv-8jf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmg6-qgw8-uffr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/130463?format=api", "vulnerability_id": "VCID-mwcv-7yze-jyfe", "summary": "Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce.\nThe upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01748", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01759", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01752", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01744", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23937" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14125", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14125" }, { "reference_url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38" }, { "reference_url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23937", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23937" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f", "reference_id": "75a448ef8ac74424cf4e723afeb6d05f9eed872f", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f" }, { "reference_url": "https://github.com/advisories/GHSA-8xv4-jj4h-qww6", "reference_id": "GHSA-8xv4-jj4h-qww6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xv4-jj4h-qww6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6", "reference_id": "GHSA-8xv4-jj4h-qww6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380358?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.16" } ], "aliases": [ "CVE-2023-23937", "GHSA-8xv4-jj4h-qww6", "GMS-2023-222" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwcv-7yze-jyfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150706?format=api", "vulnerability_id": "VCID-nsv2-svcf-83f1", "summary": "Path Traversal: '\\..\\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09305", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09295", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09252", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2984" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2984" }, { "reference_url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191", "reference_id": "5df8b951-e2f1-4548-a7e3-601186e1b191", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/" } ], "url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed", "reference_id": "e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed" }, { "reference_url": "https://github.com/advisories/GHSA-46g3-f9r8-xj4v", "reference_id": "GHSA-46g3-f9r8-xj4v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46g3-f9r8-xj4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381905?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.22" } ], "aliases": [ "CVE-2023-2984", "GHSA-46g3-f9r8-xj4v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsv2-svcf-83f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133156?format=api", "vulnerability_id": "VCID-nt13-9c91-2bd9", "summary": "Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49076", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00318", "published_at": "2026-06-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00322", "published_at": "2026-06-14T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00317", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49076" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49076", "reference_id": "CVE-2023-49076", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49076" }, { "reference_url": "https://github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch", "reference_id": "ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:26:59Z/" } ], "url": "https://github.com/pimcore/customer-data-framework/commit/ef7414415cfa64189b8433eff0aa2a9b537a89f7.patch" }, { "reference_url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc", "reference_id": "GHSA-xx63-4jr8-9ghc", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:26:59Z/" } ], "url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-xx63-4jr8-9ghc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394793?format=api", "purl": "pkg:composer/pimcore/pimcore@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-1rf9-bjfm-cybk" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7r3k-vnfw-vqe3" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-jt8j-hy8f-p7hk" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-tuvj-gmw8-nkg2" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wamt-dcf8-6ybv" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y8dz-w8dz-kqcn" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@4.1.0" } ], "aliases": [ "CVE-2023-49076", "GHSA-xx63-4jr8-9ghc" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nt13-9c91-2bd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134325?format=api", "vulnerability_id": "VCID-nyrx-zsbe-23g8", "summary": "Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01624", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01631", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01618", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01622", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28429" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28429", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28429" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14574", "reference_id": "14574", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14574" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14574.patch", "reference_id": "14574.patch", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14574.patch" }, { "reference_url": "https://github.com/advisories/GHSA-rcg9-hrhx-6q69", "reference_id": "GHSA-rcg9-hrhx-6q69", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcg9-hrhx-6q69" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69", "reference_id": "GHSA-rcg9-hrhx-6q69", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28429", "GHSA-rcg9-hrhx-6q69" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyrx-zsbe-23g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/117366?format=api", "vulnerability_id": "VCID-p5rs-jqqj-dudg", "summary": "Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68286", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68296", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68197", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68298", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27617", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27617" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea", "reference_id": "19a8520895484e68fd254773e32476565d91deea", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea" }, { "reference_url": "https://github.com/advisories/GHSA-qjpx-5m2p-5pgh", "reference_id": "GHSA-qjpx-5m2p-5pgh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjpx-5m2p-5pgh" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh", "reference_id": "GHSA-qjpx-5m2p-5pgh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347", "reference_id": "Multiselect.php#L332-L347", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47", "reference_id": "RelationFilterConditionParser.php#L29-L47", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378175?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.4" } ], "aliases": [ "CVE-2025-27617", "GHSA-qjpx-5m2p-5pgh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5rs-jqqj-dudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342540?format=api", "vulnerability_id": "VCID-pe3m-swu2-wybk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05392", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05414", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05408", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05399", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39166" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10170", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10170" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39166", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39166" }, { "reference_url": "https://github.com/advisories/GHSA-w6j8-jc36-x5q9", "reference_id": "GHSA-w6j8-jc36-x5q9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6j8-jc36-x5q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382544?format=api", "purl": "pkg:composer/pimcore/pimcore@10.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2" } ], "aliases": [ "CVE-2021-39166", "GHSA-w6j8-jc36-x5q9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pe3m-swu2-wybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144662?format=api", "vulnerability_id": "VCID-puqv-p29k-6bhv", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01441", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01425", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01434", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01422", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1286", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1286" }, { "reference_url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c", "reference_id": "31d97442-3f87-439f-83f0-1c7862ef0c7c", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/" } ], "url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18", "reference_id": "82cca7f4a7560b160336cce2610481098ca52c18", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18" }, { "reference_url": "https://github.com/advisories/GHSA-8jv7-vwrc-mv4g", "reference_id": "GHSA-8jv7-vwrc-mv4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jv7-vwrc-mv4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1286", "GHSA-8jv7-vwrc-mv4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-puqv-p29k-6bhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207607?format=api", "vulnerability_id": "VCID-pvba-dkzz-xfc4", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08309", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0827", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08307", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08308", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0348" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a" }, { "reference_url": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0348", "reference_id": "CVE-2022-0348", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0348" }, { "reference_url": "https://github.com/advisories/GHSA-8x44-pwr2-rgc6", "reference_id": "GHSA-8x44-pwr2-rgc6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8x44-pwr2-rgc6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392127?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/18832?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10" } ], "aliases": [ "CVE-2022-0348", "GHSA-8x44-pwr2-rgc6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvba-dkzz-xfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150867?format=api", "vulnerability_id": "VCID-pvq6-vk11-6qdp", "summary": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19919", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19927", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19943", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19752", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2338" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", "reference_id": "21e35af721c375ef4676ed50835e30d828e76520", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520" }, { "reference_url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", "reference_id": "bbf59fa7-cf5b-4945-81b0-328adc710462", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/" } ], "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462" }, { "reference_url": "https://github.com/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "GHSA-4x35-vr82-xvj6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4x35-vr82-xvj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2338", "GHSA-4x35-vr82-xvj6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvq6-vk11-6qdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144648?format=api", "vulnerability_id": "VCID-pvqw-sqms-aqg6", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0277", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02781", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02778", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02786", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1115" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14500.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14500.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1115", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1115" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3", "reference_id": "c6368b7cc69a3ebf2c83de7586f492ca1f404dd3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3" }, { "reference_url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17", "reference_id": "cfa80332-e4cf-4d64-b3e5-e10298628d17", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/" } ], "url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17" }, { "reference_url": "https://github.com/advisories/GHSA-97cp-8873-v2gf", "reference_id": "GHSA-97cp-8873-v2gf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97cp-8873-v2gf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380974?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1115", "GHSA-97cp-8873-v2gf" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvqw-sqms-aqg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144630?format=api", "vulnerability_id": "VCID-pxg6-wvup-gkhb", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04568", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1067", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1067" }, { "reference_url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045", "reference_id": "31d17b34-f80d-49f2-86e7-97ae715cc045", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/" } ], "url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf", "reference_id": "4b5733266d7d6aeb4f221a15e005db83fc198edf", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf" }, { "reference_url": "https://github.com/advisories/GHSA-f2jh-mf2c-8278", "reference_id": "GHSA-f2jh-mf2c-8278", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2jh-mf2c-8278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380974?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1067", "GHSA-f2jh-mf2c-8278" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxg6-wvup-gkhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150818?format=api", "vulnerability_id": "VCID-r243-r7yh-93d1", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01366", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01352", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2616" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091", "reference_id": "07a2c95be524c7e20105cef58c5767d4ebb06091", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091" }, { "reference_url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801", "reference_id": "564cb512-2bcc-4458-8c20-88110ab45801", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/" } ], "url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801" }, { "reference_url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "GHSA-mhpj-7m7h-8p6x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2616", "GHSA-mhpj-7m7h-8p6x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r243-r7yh-93d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151848?format=api", "vulnerability_id": "VCID-rq96-5ke4-kqcd", "summary": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.93746", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.9374", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.93744", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.9372", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3673" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3673" }, { "reference_url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9", "reference_id": "46ca0934-5260-477b-9e86-7b16bb18d0a9", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/" } ], "url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9", "reference_id": "a06ce0abdba19ae0eefc38b035e677f8f0c2bce9", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9" }, { "reference_url": "https://github.com/advisories/GHSA-rxp5-qwrf-pfv3", "reference_id": "GHSA-rxp5-qwrf-pfv3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxp5-qwrf-pfv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381562?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.24" } ], "aliases": [ "CVE-2023-3673", "GHSA-rxp5-qwrf-pfv3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rq96-5ke4-kqcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150992?format=api", "vulnerability_id": "VCID-rxn9-7h5z-pyfm", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04561", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04583", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2328" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328" }, { "reference_url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6", "reference_id": "01a44584-e36b-46f4-ad94-53af488397f6", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/" } ], "url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe", "reference_id": "e3562bfe249c557d15474c9a0acd5e06628521fe", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe" }, { "reference_url": "https://github.com/advisories/GHSA-2295-vh28-pphc", "reference_id": "GHSA-2295-vh28-pphc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2295-vh28-pphc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2328", "GHSA-2295-vh28-pphc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxn9-7h5z-pyfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207479?format=api", "vulnerability_id": "VCID-sft8-4vjf-4ygm", "summary": "Unrestricted Upload of File with Dangerous Type in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0263", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00202", "published_at": "2026-06-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00203", "published_at": "2026-06-11T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00201", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0263" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911" }, { "reference_url": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0263", "reference_id": "CVE-2022-0263", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0263" }, { "reference_url": "https://github.com/advisories/GHSA-c697-r227-pq6h", "reference_id": "GHSA-c697-r227-pq6h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c697-r227-pq6h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18419?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7" } ], "aliases": [ "CVE-2022-0263", "GHSA-c697-r227-pq6h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sft8-4vjf-4ygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361223?format=api", "vulnerability_id": "VCID-sk99-1trk-syb4", "summary": "CKEditor 4 vulnerabilities in versions <4.16.1\nDetails see: \n\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc ( CVE-2021-37695 )\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c ( CVE-2021-32808 )\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg ( CVE-2021-32809 )\n\nPatch: \nhttps://github.com/pimcore/pimcore/pull/10032", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4" }, { "reference_url": "https://github.com/advisories/GHSA-cfcv-q4qq-2ph4", "reference_id": "GHSA-cfcv-q4qq-2ph4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfcv-q4qq-2ph4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382861?format=api", "purl": "pkg:composer/pimcore/pimcore@10.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1" } ], "aliases": [ "GHSA-cfcv-q4qq-2ph4", "GMS-2021-117" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sk99-1trk-syb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151207?format=api", "vulnerability_id": "VCID-svwv-hc14-bfhj", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01581", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01593", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01584", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01578", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2730" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2730", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2730" }, { "reference_url": "https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885", "reference_id": "6c6f5c26-d545-4e7b-82bb-1fe28006c885", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/" } ], "url": "https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878", "reference_id": "8ab06bfbb5a05a1b190731d9c7476ec45f5ee878", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878" }, { "reference_url": "https://github.com/advisories/GHSA-q3p4-v2cm-q945", "reference_id": "GHSA-q3p4-v2cm-q945", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3p4-v2cm-q945" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19604?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3" } ], "aliases": [ "CVE-2023-2730", "GHSA-q3p4-v2cm-q945" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svwv-hc14-bfhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208503?format=api", "vulnerability_id": "VCID-sw1n-sk71-y7bs", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01149", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0115", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01159", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01155", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0705" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11447", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11447" }, { "reference_url": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0705", "reference_id": "CVE-2022-0705", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0705" }, { "reference_url": "https://github.com/advisories/GHSA-xmq3-hgjx-6997", "reference_id": "GHSA-xmq3-hgjx-6997", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmq3-hgjx-6997" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19728?format=api", "purl": "pkg:composer/pimcore/pimcore@10.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0" } ], "aliases": [ "CVE-2022-0705", "GHSA-xmq3-hgjx-6997" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw1n-sk71-y7bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361002?format=api", "vulnerability_id": "VCID-sycr-3zm4-n7hm", "summary": "Cross-site Scripting (XSS) - stored in Print Documents\n### Impact\nStored xss leads to steal cookies and other information of other users\n\n### Patches\nUpdate to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14560.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/14560.patch manually.\n\n### References\nhttps://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c/", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv" }, { "reference_url": "https://github.com/advisories/GHSA-rrwm-8wqm-gwgv", "reference_id": "GHSA-rrwm-8wqm-gwgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrwm-8wqm-gwgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "GHSA-rrwm-8wqm-gwgv", "GMS-2023-781" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sycr-3zm4-n7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151013?format=api", "vulnerability_id": "VCID-tcfq-uejs-nqbz", "summary": "A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2332", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00101", "published_at": "2026-06-13T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.001", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2332" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe", "reference_id": "a4491551967d879141a3fdf0986a9dd3d891abfe", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe" }, { "reference_url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c", "reference_id": "e436ed71-6741-4b30-89db-f7f3de4aca2c", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/" } ], "url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c" }, { "reference_url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "GHSA-r7mm-jx6h-hv7m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2332", "GHSA-r7mm-jx6h-hv7m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcfq-uejs-nqbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151100?format=api", "vulnerability_id": "VCID-tpw6-n6zr-tkcc", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00681", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00675", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00676", "published_at": "2026-06-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00677", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2340" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340" }, { "reference_url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b", "reference_id": "964762b0-b4fe-441c-81e1-0ebdbbf80f3b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/" } ], "url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e", "reference_id": "aa38319e353cc3cdfac12e03e21ed7a8f3628d3e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e" }, { "reference_url": "https://github.com/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "GHSA-g93x-fm2w-5pxw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g93x-fm2w-5pxw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2340", "GHSA-g93x-fm2w-5pxw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpw6-n6zr-tkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/300672?format=api", "vulnerability_id": "VCID-tuvj-gmw8-nkg2", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01507", "scoring_system": "epss", "scoring_elements": "0.81642", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01507", "scoring_system": "epss", "scoring_elements": "0.81641", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01507", "scoring_system": "epss", "scoring_elements": "0.8165", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01507", "scoring_system": "epss", "scoring_elements": "0.81581", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14058" }, { "reference_url": "http://seclists.org/fulldisclosure/2018/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2018/Aug/13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14058", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14058" }, { "reference_url": "https://www.exploit-db.com/exploits/45208", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45208" }, { "reference_url": "https://www.exploit-db.com/exploits/45208/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45208/" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/" }, { "reference_url": "https://github.com/advisories/GHSA-q4hw-c66h-4xqc", "reference_id": "GHSA-q4hw-c66h-4xqc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4hw-c66h-4xqc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384746?format=api", "purl": "pkg:composer/pimcore/pimcore@5.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-1rf9-bjfm-cybk" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7r3k-vnfw-vqe3" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-jt8j-hy8f-p7hk" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.3.0" } ], "aliases": [ "CVE-2018-14058", "GHSA-q4hw-c66h-4xqc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tuvj-gmw8-nkg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211231?format=api", "vulnerability_id": "VCID-u1gy-kwn1-3fgv", "summary": "Pimcore Cross-site Scripting (XSS)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.42015", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41851", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.42024", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.42034", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2796" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d" }, { "reference_url": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2796", "reference_id": "CVE-2022-2796", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2796" }, { "reference_url": "https://github.com/advisories/GHSA-pr4f-4pcx-2r3h", "reference_id": "GHSA-pr4f-4pcx-2r3h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pr4f-4pcx-2r3h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25846?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.4" } ], "aliases": [ "CVE-2022-2796", "GHSA-pr4f-4pcx-2r3h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1gy-kwn1-3fgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144501?format=api", "vulnerability_id": "VCID-u34s-hhf3-uyfy", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00676", "published_at": "2026-06-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00681", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00677", "published_at": "2026-06-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00675", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1116" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14467.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14467.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1116", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1116" }, { "reference_url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1", "reference_id": "3245ff99-9adf-4db9-af94-f995747e09d1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/" } ], "url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e", "reference_id": "f6d322efa207a737eedd8726b7c92e957a83341e", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e" }, { "reference_url": "https://github.com/advisories/GHSA-96hp-38wx-j3wc", "reference_id": "GHSA-96hp-38wx-j3wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-96hp-38wx-j3wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380974?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1116", "GHSA-96hp-38wx-j3wc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u34s-hhf3-uyfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150716?format=api", "vulnerability_id": "VCID-uct4-qg7n-fuh1", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01666", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0168", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01669", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01672", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2322" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773", "reference_id": "9fc674892b8b53103098b9524705074a45e7f773", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773" }, { "reference_url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67", "reference_id": "f7228f3f-3bef-46fe-b0e3-56c432048a67", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/" } ], "url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67" }, { "reference_url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "GHSA-476g-v7hf-cw5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2322", "GHSA-476g-v7hf-cw5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uct4-qg7n-fuh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207711?format=api", "vulnerability_id": "VCID-ukcy-nczn-rfhz", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1731", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17147", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17299", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17326", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0509" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597" }, { "reference_url": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0509", "reference_id": "CVE-2022-0509", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0509" }, { "reference_url": "https://github.com/advisories/GHSA-cg3h-rc9q-g8v9", "reference_id": "GHSA-cg3h-rc9q-g8v9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg3h-rc9q-g8v9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18988?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1" } ], "aliases": [ "CVE-2022-0509", "GHSA-cg3h-rc9q-g8v9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukcy-nczn-rfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151556?format=api", "vulnerability_id": "VCID-usku-z4hw-23dn", "summary": "SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41187", "scoring_system": "epss", "scoring_elements": "0.97485", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.41187", "scoring_system": "epss", "scoring_elements": "0.97494", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.41187", "scoring_system": "epss", "scoring_elements": "0.97493", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.41187", "scoring_system": "epss", "scoring_elements": "0.97495", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3820" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3820", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3820" }, { "reference_url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db", "reference_id": "b00a38b6-d040-494d-bf46-38f46ac1a1db", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/" } ], "url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97", "reference_id": "e641968979d4a2377bbea5e2a76bdede040d0b97", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97" }, { "reference_url": "https://github.com/advisories/GHSA-c9hw-557q-f8hq", "reference_id": "GHSA-c9hw-557q-f8hq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9hw-557q-f8hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381342?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3820", "GHSA-c9hw-557q-f8hq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usku-z4hw-23dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204310?format=api", "vulnerability_id": "VCID-vccp-fr1b-p3fn", "summary": "Data leakage via SQL Injection in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10763", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00713", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00715", "published_at": "2026-06-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00719", "published_at": "2026-06-14T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00714", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10763" }, { "reference_url": "https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10763", "reference_id": "CVE-2019-10763", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10763" }, { "reference_url": "https://github.com/advisories/GHSA-fpff-384j-vxq7", "reference_id": "GHSA-fpff-384j-vxq7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpff-384j-vxq7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15826?format=api", "purl": "pkg:composer/pimcore/pimcore@6.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.3.0" } ], "aliases": [ "CVE-2019-10763", "GHSA-fpff-384j-vxq7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vccp-fr1b-p3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66858?format=api", "vulnerability_id": "VCID-vgqm-xjtk-yffe", "summary": "Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This vulnerability is fixed in 12.3.1 and 11.5.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23494", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "8e-05", "published_at": "2026-06-14T12:55:00Z" }, { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "0.00015", "published_at": "2026-06-12T12:55:00Z" }, { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "9e-05", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23494" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18893", "reference_id": "18893", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18893" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23494", "reference_id": "CVE-2026-23494", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23494" }, { "reference_url": "https://github.com/advisories/GHSA-m3r2-724c-pwgf", "reference_id": "GHSA-m3r2-724c-pwgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3r2-724c-pwgf" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf", "reference_id": "GHSA-m3r2-724c-pwgf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14", "reference_id": "v11.5.14", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1", "reference_id": "v12.3.1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37759?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/37762?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-em5a-b39y-6qgc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23494", "GHSA-m3r2-724c-pwgf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgqm-xjtk-yffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208744?format=api", "vulnerability_id": "VCID-vwzr-xk59-3ue5", "summary": "SQL Injection in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.402", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40031", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40213", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.40224", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1219" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017" }, { "reference_url": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1219", "reference_id": "CVE-2022-1219", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1219" }, { "reference_url": "https://github.com/advisories/GHSA-6gm7-j668-w6h9", "reference_id": "GHSA-6gm7-j668-w6h9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6gm7-j668-w6h9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20075?format=api", "purl": "pkg:composer/pimcore/pimcore@10.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5" } ], "aliases": [ "CVE-2022-1219", "GHSA-6gm7-j668-w6h9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vwzr-xk59-3ue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/300671?format=api", "vulnerability_id": "VCID-wamt-dcf8-6ybv", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14057", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00643", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00638", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00639", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14057" }, { "reference_url": "http://seclists.org/fulldisclosure/2018/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2018/Aug/13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14057", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14057" }, { "reference_url": "https://www.exploit-db.com/exploits/45208", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45208" }, { "reference_url": "https://www.exploit-db.com/exploits/45208/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45208/" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45208.txt", "reference_id": "CVE-2018-14059;CVE-2018-14058;CVE-2018-14057", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45208.txt" }, { "reference_url": "https://github.com/advisories/GHSA-gmff-vcv6-mmfr", "reference_id": "GHSA-gmff-vcv6-mmfr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gmff-vcv6-mmfr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384746?format=api", "purl": "pkg:composer/pimcore/pimcore@5.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-1rf9-bjfm-cybk" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7r3k-vnfw-vqe3" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-jt8j-hy8f-p7hk" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.3.0" } ], "aliases": [ "CVE-2018-14057", "GHSA-gmff-vcv6-mmfr" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wamt-dcf8-6ybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207555?format=api", "vulnerability_id": "VCID-wbbu-rkkp-ebbj", "summary": "Cross-site Scripting in Pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02711", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02706", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.027", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0251" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb" }, { "reference_url": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0251", "reference_id": "CVE-2022-0251", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0251" }, { "reference_url": "https://github.com/advisories/GHSA-f7q6-xxph-mfm8", "reference_id": "GHSA-f7q6-xxph-mfm8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7q6-xxph-mfm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392127?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/18832?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10" } ], "aliases": [ "CVE-2022-0251", "GHSA-f7q6-xxph-mfm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbbu-rkkp-ebbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151823?format=api", "vulnerability_id": "VCID-xrdb-kuj9-yffv", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93587", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93612", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93608", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93611", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3822" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3822", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3822" }, { "reference_url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5", "reference_id": "2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/" } ], "url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236", "reference_id": "d75888a9b14baaad591548463cca09dfd1395236", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236" }, { "reference_url": "https://github.com/advisories/GHSA-vmpv-qjhq-r463", "reference_id": "GHSA-vmpv-qjhq-r463", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmpv-qjhq-r463" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381342?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3822", "GHSA-vmpv-qjhq-r463" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrdb-kuj9-yffv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140092?format=api", "vulnerability_id": "VCID-xxfx-xxax-g3g2", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4453", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00113", "published_at": "2026-06-14T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00114", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4453" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4453", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4453" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e", "reference_id": "234c0c02ea7502071b00ab673fbe4a6ac253080e", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e" }, { "reference_url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993", "reference_id": "245a8785-0fc0-4561-b181-fa20f869d993", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/" } ], "url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993" }, { "reference_url": "https://github.com/advisories/GHSA-599v-h3q5-g6r9", "reference_id": "GHSA-599v-h3q5-g6r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-599v-h3q5-g6r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380566?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-4453", "GHSA-599v-h3q5-g6r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxfx-xxax-g3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/335397?format=api", "vulnerability_id": "VCID-xzr8-6qq1-quaf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06676", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06697", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06685", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06669", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23340" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23340" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132" }, { "reference_url": "https://github.com/advisories/GHSA-h7f9-cvh5-qw7f", "reference_id": "GHSA-h7f9-cvh5-qw7f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7f9-cvh5-qw7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382770?format=api", "purl": "pkg:composer/pimcore/pimcore@6.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.8" } ], "aliases": [ "CVE-2021-23340", "GHSA-h7f9-cvh5-qw7f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzr8-6qq1-quaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/300673?format=api", "vulnerability_id": "VCID-y8dz-w8dz-kqcn", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00372", "published_at": "2026-06-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0037", "published_at": "2026-06-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00368", "published_at": "2026-06-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00375", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14059" }, { "reference_url": "http://seclists.org/fulldisclosure/2018/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2018/Aug/13" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14059", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14059" }, { "reference_url": "https://www.exploit-db.com/exploits/45208", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45208" }, { "reference_url": "https://www.exploit-db.com/exploits/45208/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45208/" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software" }, { "reference_url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/" }, { "reference_url": "https://github.com/advisories/GHSA-276r-24xq-hwg8", "reference_id": "GHSA-276r-24xq-hwg8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-276r-24xq-hwg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384746?format=api", "purl": "pkg:composer/pimcore/pimcore@5.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-1rf9-bjfm-cybk" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-39gk-fakk-syek" }, { "vulnerability": "VCID-3axp-csny-ryd8" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7r3k-vnfw-vqe3" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-jt8j-hy8f-p7hk" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zaw5-m5vq-myc6" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.3.0" } ], "aliases": [ "CVE-2018-14059", "GHSA-276r-24xq-hwg8" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8dz-w8dz-kqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206973?format=api", "vulnerability_id": "VCID-y9m4-cwvv-mbhe", "summary": "pimcore is vulnerable to Cross-site Scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02537", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02534", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02527", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4081" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a" }, { "reference_url": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4081", "reference_id": "CVE-2021-4081", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4081" }, { "reference_url": "https://github.com/advisories/GHSA-3p85-p4qg-hcrp", "reference_id": "GHSA-3p85-p4qg-hcrp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3p85-p4qg-hcrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18368?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6" } ], "aliases": [ "CVE-2021-4081", "GHSA-3p85-p4qg-hcrp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9m4-cwvv-mbhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144666?format=api", "vulnerability_id": "VCID-ygzv-hrfh-47gr", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10885", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10854", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1083", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10888", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1312" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312" }, { "reference_url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356", "reference_id": "2a64a32d-b1cc-4def-91da-18040d59f356", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/" } ], "url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb", "reference_id": "d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb" }, { "reference_url": "https://github.com/advisories/GHSA-gh4g-65f6-84g5", "reference_id": "GHSA-gh4g-65f6-84g5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh4g-65f6-84g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380799?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1312", "GHSA-gh4g-65f6-84g5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygzv-hrfh-47gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150969?format=api", "vulnerability_id": "VCID-ypv8-jnky-vkc4", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2323", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00677", "published_at": "2026-06-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00681", "published_at": "2026-06-14T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00675", "published_at": "2026-06-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00676", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2323" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323" }, { "reference_url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3", "reference_id": "41edf190-f6bf-4a29-a237-7ff1b2d048d3", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/" } ], "url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e", "reference_id": "e88fa79de7b5903fb58ddbc231130b04d937d79e", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e" }, { "reference_url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "GHSA-cjv6-w5hf-5wr6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2323", "GHSA-cjv6-w5hf-5wr6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ypv8-jnky-vkc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/313576?format=api", "vulnerability_id": "VCID-zaw5-m5vq-myc6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18981", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00878", "published_at": "2026-06-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00875", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00881", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00884", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18981" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106" }, { "reference_url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18981", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18981" }, { "reference_url": "https://github.com/advisories/GHSA-jhcf-j4hg-v64r", "reference_id": "GHSA-jhcf-j4hg-v64r", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jhcf-j4hg-v64r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385331?format=api", "purl": "pkg:composer/pimcore/pimcore@6.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1e6u-83q7-kbcm" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3faz-tfm7-mfag" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3kex-5jub-5ff8" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-42kn-ucws-muhu" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hmq1-yjsd-5fah" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-pe3m-swu2-wybk" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-sk99-1trk-syb4" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vccp-fr1b-p3fn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-xzr8-6qq1-quaf" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zbvh-bt4c-e3em" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2" } ], "aliases": [ "CVE-2019-18981", "GHSA-jhcf-j4hg-v64r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zaw5-m5vq-myc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/342560?format=api", "vulnerability_id": "VCID-zbvh-bt4c-e3em", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05806", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05796", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39189" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/10223.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/10223.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9" }, { "reference_url": "https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c" }, { "reference_url": "https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39189" }, { "reference_url": "https://github.com/advisories/GHSA-579x-cjvr-cqj9", "reference_id": "GHSA-579x-cjvr-cqj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-579x-cjvr-cqj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382611?format=api", "purl": "pkg:composer/pimcore/pimcore@10.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-cr87-arup-w3gs" }, { "vulnerability": "VCID-d73k-kkeb-n3b5" }, { "vulnerability": "VCID-d8pe-27pm-xbfy" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-eqbu-bpgy-1yd3" }, { "vulnerability": "VCID-f189-dkah-2ke1" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sft8-4vjf-4ygm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-wbbu-rkkp-ebbj" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-y9m4-cwvv-mbhe" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" }, { "vulnerability": "VCID-zzzx-vnz8-fuhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.3" } ], "aliases": [ "CVE-2021-39189", "GHSA-579x-cjvr-cqj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbvh-bt4c-e3em" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129691?format=api", "vulnerability_id": "VCID-zgrb-9ta2-pqgu", "summary": "Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20426", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20403", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20229", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30849" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14968", "reference_id": "14968", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14968" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch", "reference_id": "c6c80905e58c7724c776f980570a56df7016c6d1.patch", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch" }, { "reference_url": "https://github.com/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmg8-w465-mr56" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379391?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30849", "GHSA-xmg8-w465-mr56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgrb-9ta2-pqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144407?format=api", "vulnerability_id": "VCID-zxa3-m253-gug3", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1117", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00776", "published_at": "2026-06-14T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00771", "published_at": "2026-06-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00773", "published_at": "2026-06-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00774", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1117" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1117", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1117" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853", "reference_id": "b9ba69f66d6a9986fb36f239661b98cd33a89853", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853" }, { "reference_url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39", "reference_id": "e8c0044d-a31b-4347-b2d5-59fbf492da39", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/" } ], "url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39" }, { "reference_url": "https://github.com/advisories/GHSA-qxcw-rf4v-hp26", "reference_id": "GHSA-qxcw-rf4v-hp26", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxcw-rf4v-hp26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380974?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/30766?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-phk5-1sq4-t3gn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1117", "GHSA-qxcw-rf4v-hp26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxa3-m253-gug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207545?format=api", "vulnerability_id": "VCID-zzzx-vnz8-fuhc", "summary": "Cross-site Scripting in pimcore", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08317", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08354", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08357", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0260" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/11205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/11205" }, { "reference_url": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0260", "reference_id": "CVE-2022-0260", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0260" }, { "reference_url": "https://github.com/advisories/GHSA-455w-gv5p-wgg3", "reference_id": "GHSA-455w-gv5p-wgg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-455w-gv5p-wgg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18419?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-cgxg-fxyp-dfd8" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-ha9j-gnw7-rucq" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-hzjc-d8zw-5bbf" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mhbd-nf8m-vfgf" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/18740?format=api", "purl": "pkg:composer/pimcore/pimcore@10.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16vs-u1gr-g3ch" }, { "vulnerability": "VCID-19kg-dggk-9bgb" }, { "vulnerability": "VCID-1ghg-916g-5ycf" }, { "vulnerability": "VCID-2dhw-5ft3-4udh" }, { "vulnerability": "VCID-2n5e-7xn6-4ubt" }, { "vulnerability": "VCID-35c5-mzwz-8bgw" }, { "vulnerability": "VCID-3b57-hrf9-z3e2" }, { "vulnerability": "VCID-3hs9-ywbk-rbdy" }, { "vulnerability": "VCID-3q4h-tcnp-7qa1" }, { "vulnerability": "VCID-3xuv-b8w7-d7hf" }, { "vulnerability": "VCID-4ar7-yac3-fkf7" }, { "vulnerability": "VCID-4jxn-m7de-5yay" }, { "vulnerability": "VCID-4n7p-vgv2-2qc3" }, { "vulnerability": "VCID-4tqk-ragu-h7ce" }, { "vulnerability": "VCID-5ds5-2ey4-u7gm" }, { "vulnerability": "VCID-6286-wv98-9uht" }, { "vulnerability": "VCID-6etn-5u58-sqgg" }, { "vulnerability": "VCID-6fw4-9qqw-bqen" }, { "vulnerability": "VCID-6uw7-89nn-tkg3" }, { "vulnerability": "VCID-6z66-zt5u-ybbc" }, { "vulnerability": "VCID-7191-wmtq-7fdg" }, { "vulnerability": "VCID-79ph-2nu8-4bhf" }, { "vulnerability": "VCID-7kzv-g2ns-e7gr" }, { "vulnerability": "VCID-7rvk-x76k-rkex" }, { "vulnerability": "VCID-843n-ga86-syg7" }, { "vulnerability": "VCID-8caz-76fk-x7er" }, { "vulnerability": "VCID-8d6u-y4zg-7bbq" }, { "vulnerability": "VCID-8jqk-yf3u-a3gn" }, { "vulnerability": "VCID-9d5s-3c9u-c7gg" }, { "vulnerability": "VCID-9fwv-b6y6-cqe7" }, { "vulnerability": "VCID-a9r6-chrk-9ffe" }, { "vulnerability": "VCID-afta-wcuy-4kah" }, { "vulnerability": "VCID-akv1-wzyh-fydj" }, { "vulnerability": "VCID-amnn-gf11-7yc2" }, { "vulnerability": "VCID-b4ba-atzn-wkay" }, { "vulnerability": "VCID-bed6-u2ht-dqgs" }, { "vulnerability": "VCID-c1pt-5z3d-wffr" }, { "vulnerability": "VCID-cbz2-sxrt-rffn" }, { "vulnerability": "VCID-e793-c5wh-yuaf" }, { "vulnerability": "VCID-em5a-b39y-6qgc" }, { "vulnerability": "VCID-fcm6-y2yu-2uca" }, { "vulnerability": "VCID-gf98-8eeb-afc5" }, { "vulnerability": "VCID-ha34-7pm3-pqgm" }, { "vulnerability": "VCID-hdnj-vcx7-e7cw" }, { "vulnerability": "VCID-hjs3-9b5k-e7c4" }, { "vulnerability": "VCID-hsfu-wneb-1kb3" }, { "vulnerability": "VCID-j76y-vhb3-4kc8" }, { "vulnerability": "VCID-k9su-rd5b-ubg9" }, { "vulnerability": "VCID-kq1j-jfjz-7yb2" }, { "vulnerability": "VCID-mmg6-qgw8-uffr" }, { "vulnerability": "VCID-mwcv-7yze-jyfe" }, { "vulnerability": "VCID-nsv2-svcf-83f1" }, { "vulnerability": "VCID-nyrx-zsbe-23g8" }, { "vulnerability": "VCID-p5rs-jqqj-dudg" }, { "vulnerability": "VCID-puqv-p29k-6bhv" }, { "vulnerability": "VCID-pvba-dkzz-xfc4" }, { "vulnerability": "VCID-pvq6-vk11-6qdp" }, { "vulnerability": "VCID-pvqw-sqms-aqg6" }, { "vulnerability": "VCID-pxg6-wvup-gkhb" }, { "vulnerability": "VCID-r243-r7yh-93d1" }, { "vulnerability": "VCID-rq96-5ke4-kqcd" }, { "vulnerability": "VCID-rxn9-7h5z-pyfm" }, { "vulnerability": "VCID-svwv-hc14-bfhj" }, { "vulnerability": "VCID-sw1n-sk71-y7bs" }, { "vulnerability": "VCID-sycr-3zm4-n7hm" }, { "vulnerability": "VCID-tcfq-uejs-nqbz" }, { "vulnerability": "VCID-tpw6-n6zr-tkcc" }, { "vulnerability": "VCID-u1gy-kwn1-3fgv" }, { "vulnerability": "VCID-u34s-hhf3-uyfy" }, { "vulnerability": "VCID-uct4-qg7n-fuh1" }, { "vulnerability": "VCID-ukcy-nczn-rfhz" }, { "vulnerability": "VCID-usku-z4hw-23dn" }, { "vulnerability": "VCID-vgqm-xjtk-yffe" }, { "vulnerability": "VCID-vwzr-xk59-3ue5" }, { "vulnerability": "VCID-xrdb-kuj9-yffv" }, { "vulnerability": "VCID-xxfx-xxax-g3g2" }, { "vulnerability": "VCID-ygzv-hrfh-47gr" }, { "vulnerability": "VCID-ypv8-jnky-vkc4" }, { "vulnerability": "VCID-zgrb-9ta2-pqgu" }, { "vulnerability": "VCID-zxa3-m253-gug3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9" } ], "aliases": [ "CVE-2022-0260", "GHSA-455w-gv5p-wgg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzzx-vnz8-fuhc" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@2.3.0" }