Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63577?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63577?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.14", "type": "composer", "namespace": "pimcore", "name": "pimcore", "version": "10.5.14", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.3.4", "latest_non_vulnerable_version": "12.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44704?format=api", "vulnerability_id": "VCID-1qrb-ra1y-1uf3", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88016", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.88013", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03609", "scoring_system": "epss", "scoring_elements": "0.87992", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1578" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14538", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14538" }, { "reference_url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/" } ], "url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e" }, { "reference_url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1578", "reference_id": "CVE-2023-1578", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1578" }, { "reference_url": "https://github.com/advisories/GHSA-42c3-wvww-gcqj", "reference_id": "GHSA-42c3-wvww-gcqj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-42c3-wvww-gcqj" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj", "reference_id": "GHSA-42c3-wvww-gcqj", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1578", "GHSA-42c3-wvww-gcqj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qrb-ra1y-1uf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56789?format=api", "vulnerability_id": "VCID-21s4-mb97-v7bh", "summary": "Pimcore Vulnerable to SQL Injection in getRelationFilterCondition\nAuthenticated users can craft a filter string used to cause a SQL injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68139", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68146", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27617" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27617", "reference_id": "CVE-2025-27617", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27617" }, { "reference_url": "https://github.com/advisories/GHSA-qjpx-5m2p-5pgh", "reference_id": "GHSA-qjpx-5m2p-5pgh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qjpx-5m2p-5pgh" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh", "reference_id": "GHSA-qjpx-5m2p-5pgh", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84329?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.4" } ], "aliases": [ "CVE-2025-27617", "GHSA-qjpx-5m2p-5pgh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21s4-mb97-v7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44783?format=api", "vulnerability_id": "VCID-29a6-htj3-z3dr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02696", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0266", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02713", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02708", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1702" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14721.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14721.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w" }, { "reference_url": "https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/" } ], "url": "https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1702", "reference_id": "CVE-2023-1702", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1702" }, { "reference_url": "https://github.com/advisories/GHSA-69fc-v223-6rjw", "reference_id": "GHSA-69fc-v223-6rjw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69fc-v223-6rjw" }, { "reference_url": "https://github.com/advisories/GHSA-6qjm-39vh-729w", "reference_id": "GHSA-6qjm-39vh-729w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qjm-39vh-729w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64449?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1702", "GHSA-69fc-v223-6rjw", "GHSA-6qjm-39vh-729w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29a6-htj3-z3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45304?format=api", "vulnerability_id": "VCID-2gzw-gxs8-zkbq", "summary": "Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2983", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0051", "published_at": "2026-06-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00883", "published_at": "2026-06-06T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01048", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2983" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5" }, { "reference_url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/" } ], "url": "https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2983", "reference_id": "CVE-2023-2983", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2983" }, { "reference_url": "https://github.com/advisories/GHSA-m4mv-rmr7-h5f5", "reference_id": "GHSA-m4mv-rmr7-h5f5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4mv-rmr7-h5f5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65285?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.23" } ], "aliases": [ "CVE-2023-2983", "GHSA-m4mv-rmr7-h5f5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gzw-gxs8-zkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44683?format=api", "vulnerability_id": "VCID-3qx3-fvbw-3fay", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03387", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03401", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28108" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14633", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28108", "reference_id": "CVE-2023-28108", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28108" }, { "reference_url": "https://github.com/advisories/GHSA-xc9p-r5qj-8xm9", "reference_id": "GHSA-xc9p-r5qj-8xm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc9p-r5qj-8xm9" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9", "reference_id": "GHSA-xc9p-r5qj-8xm9", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28108", "GHSA-xc9p-r5qj-8xm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qx3-fvbw-3fay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49707?format=api", "vulnerability_id": "VCID-53nb-8vf3-9ubb", "summary": "Pimcore Has an Incomplete Patch for CVE-2023-30848\nAn **incomplete SQL injection patch** in the Admin Search Find API allows an authenticated attacker to perform **blind SQL injection**.\nAlthough CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to **database information disclosure**.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23492", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00249", "published_at": "2026-06-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00251", "published_at": "2026-06-06T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23492" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23492", "reference_id": "CVE-2026-23492", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23492" }, { "reference_url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8" }, { "reference_url": "https://github.com/advisories/GHSA-qvr7-7g55-69xj", "reference_id": "GHSA-qvr7-7g55-69xj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvr7-7g55-69xj" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj", "reference_id": "GHSA-qvr7-7g55-69xj", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73400?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/73399?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23492", "GHSA-qvr7-7g55-69xj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53nb-8vf3-9ubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45087?format=api", "vulnerability_id": "VCID-6p5t-7h74-gueh", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPath Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01591", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01585", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2336" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4" }, { "reference_url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/" } ], "url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336", "reference_id": "CVE-2023-2336", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336" }, { "reference_url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "GHSA-hg77-vx9v-f49x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "GHSA-hg77-vx9v-f49x", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2336", "GHSA-hg77-vx9v-f49x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p5t-7h74-gueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44360?format=api", "vulnerability_id": "VCID-8p88-g4b6-sfg3", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0174", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01753", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01755", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01749", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23937" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14125", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14125" }, { "reference_url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38" }, { "reference_url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23937", "reference_id": "CVE-2023-23937", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23937" }, { "reference_url": "https://github.com/advisories/GHSA-8xv4-jj4h-qww6", "reference_id": "GHSA-8xv4-jj4h-qww6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xv4-jj4h-qww6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6", "reference_id": "GHSA-8xv4-jj4h-qww6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63828?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-b5sk-cu89-hubw" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cndq-yx1e-jkg7" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fjvx-uvar-6fcq" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-muk7-qswq-j3cy" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-ppum-bu2e-b3hr" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-w2nk-gqyj-3yay" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.16" } ], "aliases": [ "CVE-2023-23937", "GHSA-8xv4-jj4h-qww6", "GMS-2023-222" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8p88-g4b6-sfg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45658?format=api", "vulnerability_id": "VCID-b358-dxdm-vqe7", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.93699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11372", "scoring_system": "epss", "scoring_elements": "0.93698", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3673" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9" }, { "reference_url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/" } ], "url": "https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3673", "reference_id": "CVE-2023-3673", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3673" }, { "reference_url": "https://github.com/advisories/GHSA-rxp5-qwrf-pfv3", "reference_id": "GHSA-rxp5-qwrf-pfv3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxp5-qwrf-pfv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66144?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.24" } ], "aliases": [ "CVE-2023-3673", "GHSA-rxp5-qwrf-pfv3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b358-dxdm-vqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44468?format=api", "vulnerability_id": "VCID-b5sk-cu89-hubw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-h46w-463r", "reference_id": "GHSA-76r7-h46w-463r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76r7-h46w-463r" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r", "reference_id": "GHSA-76r7-h46w-463r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63968?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cndq-yx1e-jkg7" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fjvx-uvar-6fcq" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-muk7-qswq-j3cy" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-ppum-bu2e-b3hr" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-w2nk-gqyj-3yay" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "GHSA-76r7-h46w-463r", "GMS-2023-363" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5sk-cu89-hubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45153?format=api", "vulnerability_id": "VCID-begq-psyd-fyh3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0128", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01285", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01283", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2630" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38" }, { "reference_url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/" } ], "url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630", "reference_id": "CVE-2023-2630", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630" }, { "reference_url": "https://github.com/advisories/GHSA-w766-3572-f2hv", "reference_id": "GHSA-w766-3572-f2hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w766-3572-f2hv" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv", "reference_id": "GHSA-w766-3572-f2hv", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2630", "GHSA-w766-3572-f2hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-begq-psyd-fyh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45086?format=api", "vulnerability_id": "VCID-bqh2-mx6q-pygq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2323", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00679", "published_at": "2026-06-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0068", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2323" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e" }, { "reference_url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/" } ], "url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323", "reference_id": "CVE-2023-2323", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323" }, { "reference_url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "GHSA-cjv6-w5hf-5wr6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "GHSA-cjv6-w5hf-5wr6", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2323", "GHSA-cjv6-w5hf-5wr6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqh2-mx6q-pygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44781?format=api", "vulnerability_id": "VCID-c2ht-41t3-eqaq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03517", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03523", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03537", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03524", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1704" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14732.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14732.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444" }, { "reference_url": "https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/" } ], "url": "https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1704", "reference_id": "CVE-2023-1704", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1704" }, { "reference_url": "https://github.com/advisories/GHSA-hfmg-g39c-5444", "reference_id": "GHSA-hfmg-g39c-5444", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hfmg-g39c-5444" }, { "reference_url": "https://github.com/advisories/GHSA-rp78-4562-gx3c", "reference_id": "GHSA-rp78-4562-gx3c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rp78-4562-gx3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64449?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1704", "GHSA-hfmg-g39c-5444", "GHSA-rp78-4562-gx3c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2ht-41t3-eqaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45063?format=api", "vulnerability_id": "VCID-ccyy-h9dp-cya2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02105", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02101", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02112", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2342" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564" }, { "reference_url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/" } ], "url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342", "reference_id": "CVE-2023-2342", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342" }, { "reference_url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "GHSA-2c67-p4xh-m34w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "GHSA-2c67-p4xh-m34w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2342", "GHSA-2c67-p4xh-m34w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccyy-h9dp-cya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45131?format=api", "vulnerability_id": "VCID-cndq-yx1e-jkg7", "summary": "Relative Path Traversal in pimcore/pimcore.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30855", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00431", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00437", "published_at": "2026-06-06T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00436", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30855" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30855", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30855" }, { "reference_url": "https://github.com/advisories/GHSA-g2mc-fqqc-hxg3", "reference_id": "GHSA-g2mc-fqqc-hxg3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2mc-fqqc-hxg3" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3", "reference_id": "GHSA-g2mc-fqqc-hxg3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" } ], "aliases": [ "CVE-2023-30855", "GHSA-g2mc-fqqc-hxg3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cndq-yx1e-jkg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45070?format=api", "vulnerability_id": "VCID-cr5h-bz5b-jufg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2343", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01022", "published_at": "2026-06-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01023", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2343" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e" }, { "reference_url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/" } ], "url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343", "reference_id": "CVE-2023-2343", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343" }, { "reference_url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "GHSA-9q7q-r54q-3f3g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "GHSA-9q7q-r54q-3f3g", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2343", "GHSA-9q7q-r54q-3f3g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr5h-bz5b-jufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45066?format=api", "vulnerability_id": "VCID-cyfe-vput-1fbk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04367", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04346", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04356", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2341" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11" }, { "reference_url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/" } ], "url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341", "reference_id": "CVE-2023-2341", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341" }, { "reference_url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "GHSA-fq95-rx4q-qgg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "GHSA-fq95-rx4q-qgg2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2341", "GHSA-fq95-rx4q-qgg2" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyfe-vput-1fbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44641?format=api", "vulnerability_id": "VCID-d3ns-rfuc-dkdp", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10818", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10865", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10854", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1312" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb" }, { "reference_url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/" } ], "url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312", "reference_id": "CVE-2023-1312", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312" }, { "reference_url": "https://github.com/advisories/GHSA-gh4g-65f6-84g5", "reference_id": "GHSA-gh4g-65f6-84g5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh4g-65f6-84g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1312", "GHSA-gh4g-65f6-84g5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3ns-rfuc-dkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45085?format=api", "vulnerability_id": "VCID-d6cw-a4th-eueu", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20209", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20247", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30849" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14968", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14968" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849", "reference_id": "CVE-2023-30849", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849" }, { "reference_url": "https://github.com/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmg8-w465-mr56" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30849", "GHSA-xmg8-w465-mr56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6cw-a4th-eueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45783?format=api", "vulnerability_id": "VCID-dmrj-fj5a-vqbh", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.\nThe impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38708", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00211", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38708" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38708", "reference_id": "CVE-2023-38708", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38708" }, { "reference_url": "https://github.com/advisories/GHSA-34hj-v8fm-x887", "reference_id": "GHSA-34hj-v8fm-x887", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34hj-v8fm-x887" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887", "reference_id": "GHSA-34hj-v8fm-x887", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66447?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.7" } ], "aliases": [ "CVE-2023-38708", "GHSA-34hj-v8fm-x887" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmrj-fj5a-vqbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45067?format=api", "vulnerability_id": "VCID-e35r-qy72-4uaj", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2339", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00525", "published_at": "2026-06-06T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00522", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2339" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480" }, { "reference_url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/" } ], "url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339", "reference_id": "CVE-2023-2339", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339" }, { "reference_url": "https://github.com/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "GHSA-6fvf-x8c6-2f6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6fvf-x8c6-2f6j" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "GHSA-6fvf-x8c6-2f6j", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2339", "GHSA-6fvf-x8c6-2f6j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e35r-qy72-4uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45074?format=api", "vulnerability_id": "VCID-e9sz-xvw9-4fbb", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19754", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19708", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1975", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2338" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520" }, { "reference_url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/" } ], "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338", "reference_id": "CVE-2023-2338", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338" }, { "reference_url": "https://github.com/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "GHSA-4x35-vr82-xvj6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4x35-vr82-xvj6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "GHSA-4x35-vr82-xvj6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2338", "GHSA-4x35-vr82-xvj6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9sz-xvw9-4fbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44549?format=api", "vulnerability_id": "VCID-fjvx-uvar-6fcq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02831", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02798", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02851", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02843", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1115" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14500.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14500.patch" }, { "reference_url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/" } ], "url": "https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1115", "reference_id": "CVE-2023-1115", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1115" }, { "reference_url": "https://github.com/advisories/GHSA-97cp-8873-v2gf", "reference_id": "GHSA-97cp-8873-v2gf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97cp-8873-v2gf" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf", "reference_id": "GHSA-97cp-8873-v2gf", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1115", "GHSA-97cp-8873-v2gf" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvx-uvar-6fcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45079?format=api", "vulnerability_id": "VCID-fk9y-7e4h-3uey", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0068", "published_at": "2026-06-06T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00679", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2340" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e" }, { "reference_url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/" } ], "url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340", "reference_id": "CVE-2023-2340", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340" }, { "reference_url": "https://github.com/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "GHSA-g93x-fm2w-5pxw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g93x-fm2w-5pxw" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "GHSA-g93x-fm2w-5pxw", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2340", "GHSA-g93x-fm2w-5pxw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fk9y-7e4h-3uey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45078?format=api", "vulnerability_id": "VCID-fzt2-896e-wudc", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the \"scriptPath\" parameter and the file name in the \"scripts\" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0114", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30852" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14959", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852", "reference_id": "CVE-2023-30852", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852" }, { "reference_url": "https://github.com/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5c3-r84f-9596" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30852", "GHSA-j5c3-r84f-9596" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzt2-896e-wudc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45154?format=api", "vulnerability_id": "VCID-g8h5-e165-1bay", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01359", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01363", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2616" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091" }, { "reference_url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/" } ], "url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616", "reference_id": "CVE-2023-2616", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616" }, { "reference_url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "GHSA-mhpj-7m7h-8p6x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "GHSA-mhpj-7m7h-8p6x", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2616", "GHSA-mhpj-7m7h-8p6x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8h5-e165-1bay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45080?format=api", "vulnerability_id": "VCID-g8ha-yccg-p3f8", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01543", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01551", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01549", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30848" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14972", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14972" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848", "reference_id": "CVE-2023-30848", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848" }, { "reference_url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30848", "GHSA-6mhm-gcpf-5gr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ha-yccg-p3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50345?format=api", "vulnerability_id": "VCID-hmpr-1fgb-jqea", "summary": "Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause\nThe filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries.\n\nAffected code in models/Dependency/Dao.php:\n- getFilterRequiresByPath() lines 90, 95, 100\n- getFilterRequiredByPath() lines 148, 153, 158\n\nAll 6 locations use direct string concatenation like:\n\n\"AND LOWER(CONCAT(o.path, o.key)) RLIKE '\".$value.\"'\"\n\nNote that $orderBy and $orderDirection in the same methods (lines 75-81) ARE properly `whitelist`-validated, but $value has zero sanitization.\n\nEntry points (pimcore/admin-ui-classic-bundle ElementController.php):\n- GET /admin/element/get-requires-dependencies (line 654)\n- GET /admin/element/get-required-by-dependencies (line 714)\n\nThe controller JSON-decodes the filter query param and passes $filter['value'] straight to the Dao without any escaping.\n\nPoC (time-based blind):", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02378", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02429", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27461" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18991", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18991" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27461", "reference_id": "CVE-2026-27461", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27461" }, { "reference_url": "https://github.com/advisories/GHSA-vxg3-v4p6-f3fp", "reference_id": "GHSA-vxg3-v4p6-f3fp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxg3-v4p6-f3fp" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp", "reference_id": "GHSA-vxg3-v4p6-f3fp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73398?format=api", "purl": "pkg:composer/pimcore/pimcore@12.0.0-RC1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.0.0-RC1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74234?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hrxz-az84-2ua8" }, { "vulnerability": "VCID-r86v-k4um-dyd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.3" } ], "aliases": [ "CVE-2026-27461", "GHSA-vxg3-v4p6-f3fp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmpr-1fgb-jqea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45069?format=api", "vulnerability_id": "VCID-j8d3-zaj3-xuax", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04597", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04571", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04584", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2327" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f" }, { "reference_url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/" } ], "url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327", "reference_id": "CVE-2023-2327", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327" }, { "reference_url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "GHSA-x9xj-pqmv-8jf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "GHSA-x9xj-pqmv-8jf7", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2327", "GHSA-x9xj-pqmv-8jf7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8d3-zaj3-xuax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45094?format=api", "vulnerability_id": "VCID-jmdu-dpju-abee", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01577", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01583", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2361" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a" }, { "reference_url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/" } ], "url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361", "reference_id": "CVE-2023-2361", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361" }, { "reference_url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "GHSA-9xg6-75mh-7x3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "GHSA-9xg6-75mh-7x3f", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2361", "GHSA-9xg6-75mh-7x3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdu-dpju-abee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44690?format=api", "vulnerability_id": "VCID-kb9x-es6p-73eh", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03894", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03895", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03907", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0391", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1515" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14562", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14562" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14562.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14562.patch" }, { "reference_url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/" } ], "url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282" }, { "reference_url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1515", "reference_id": "CVE-2023-1515", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1515" }, { "reference_url": "https://github.com/advisories/GHSA-66cm-c7ch-5j8q", "reference_id": "GHSA-66cm-c7ch-5j8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66cm-c7ch-5j8q" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q", "reference_id": "GHSA-66cm-c7ch-5j8q", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1515", "GHSA-66cm-c7ch-5j8q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb9x-es6p-73eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44635?format=api", "vulnerability_id": "VCID-kw4t-2xte-b3du", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01431", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01415", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01424", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0143", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1286" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18" }, { "reference_url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/" } ], "url": "https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1286", "reference_id": "CVE-2023-1286", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1286" }, { "reference_url": "https://github.com/advisories/GHSA-8jv7-vwrc-mv4g", "reference_id": "GHSA-8jv7-vwrc-mv4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jv7-vwrc-mv4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1286", "GHSA-8jv7-vwrc-mv4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw4t-2xte-b3du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46314?format=api", "vulnerability_id": "VCID-m5ct-vypc-kbgv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5873", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00151", "published_at": "2026-06-06T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0015", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5873" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c" }, { "reference_url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/" } ], "url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5873", "reference_id": "CVE-2023-5873", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5873" }, { "reference_url": "https://github.com/advisories/GHSA-j59v-hh4p-q92m", "reference_id": "GHSA-j59v-hh4p-q92m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j59v-hh4p-q92m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67587?format=api", "purl": "pkg:composer/pimcore/pimcore@11.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-u5a1-c9ar-3kg6" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.0" } ], "aliases": [ "CVE-2023-5873", "GHSA-j59v-hh4p-q92m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ct-vypc-kbgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44556?format=api", "vulnerability_id": "VCID-muk7-qswq-j3cy", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1117", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00782", "published_at": "2026-06-07T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00784", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1117" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853" }, { "reference_url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/" } ], "url": "https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1117", "reference_id": "CVE-2023-1117", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1117" }, { "reference_url": "https://github.com/advisories/GHSA-qxcw-rf4v-hp26", "reference_id": "GHSA-qxcw-rf4v-hp26", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxcw-rf4v-hp26" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26", "reference_id": "GHSA-qxcw-rf4v-hp26", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1117", "GHSA-qxcw-rf4v-hp26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-muk7-qswq-j3cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44682?format=api", "vulnerability_id": "VCID-n6ne-ucpz-u3bb", "summary": "Reflected XSS in Application Logger module\n### Impact\nThis vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.\n\n### Patches\nUpdate to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/14606.patch manually.\n\n### References\nhttps://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/", "references": [ { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14606", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14606" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14606.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14606.patch" }, { "reference_url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356" }, { "reference_url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312", "reference_id": "CVE-2023-1312", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1312" }, { "reference_url": "https://github.com/advisories/GHSA-2xpm-cmvw-3jcc", "reference_id": "GHSA-2xpm-cmvw-3jcc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xpm-cmvw-3jcc" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc", "reference_id": "GHSA-2xpm-cmvw-3jcc", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "GHSA-2xpm-cmvw-3jcc", "GMS-2023-779" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6ne-ucpz-u3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45705?format=api", "vulnerability_id": "VCID-nnem-28fp-xugy", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93565", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.1097", "scoring_system": "epss", "scoring_elements": "0.93568", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3822" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236" }, { "reference_url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/" } ], "url": "https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3822", "reference_id": "CVE-2023-3822", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3822" }, { "reference_url": "https://github.com/advisories/GHSA-vmpv-qjhq-r463", "reference_id": "GHSA-vmpv-qjhq-r463", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vmpv-qjhq-r463" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66223?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3822", "GHSA-vmpv-qjhq-r463" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnem-28fp-xugy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45081?format=api", "vulnerability_id": "VCID-p3g5-vbhk-h3h7", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01674", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01668", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2322" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773" }, { "reference_url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/" } ], "url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322", "reference_id": "CVE-2023-2322", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322" }, { "reference_url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "GHSA-476g-v7hf-cw5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "GHSA-476g-v7hf-cw5m", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2322", "GHSA-476g-v7hf-cw5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g5-vbhk-h3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44554?format=api", "vulnerability_id": "VCID-ppum-bu2e-b3hr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1116", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00683", "published_at": "2026-06-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00679", "published_at": "2026-06-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0068", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1116" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14467.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14467.patch" }, { "reference_url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/" } ], "url": "https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1116", "reference_id": "CVE-2023-1116", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1116" }, { "reference_url": "https://github.com/advisories/GHSA-96hp-38wx-j3wc", "reference_id": "GHSA-96hp-38wx-j3wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-96hp-38wx-j3wc" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc", "reference_id": "GHSA-96hp-38wx-j3wc", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1116", "GHSA-96hp-38wx-j3wc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ppum-bu2e-b3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45151?format=api", "vulnerability_id": "VCID-q4w5-13sd-xfdr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01359", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01363", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2614" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7" }, { "reference_url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/" } ], "url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614", "reference_id": "CVE-2023-2614", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614" }, { "reference_url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "GHSA-m6m9-gr85-79vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "GHSA-m6m9-gr85-79vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2614", "GHSA-m6m9-gr85-79vm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4w5-13sd-xfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44675?format=api", "vulnerability_id": "VCID-s6xd-j7a8-u3c8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21605", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21651", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21664", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28106" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14669.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14669.patch" }, { "reference_url": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28106", "reference_id": "CVE-2023-28106", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28106" }, { "reference_url": "https://github.com/advisories/GHSA-x5j3-mq9g-8jc8", "reference_id": "GHSA-x5j3-mq9g-8jc8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5j3-mq9g-8jc8" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8", "reference_id": "GHSA-x5j3-mq9g-8jc8", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28106", "GHSA-x5j3-mq9g-8jc8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6xd-j7a8-u3c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45302?format=api", "vulnerability_id": "VCID-tcpz-9zjx-q3c7", "summary": "Path Traversal: '\\..\\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08279", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08003", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09196", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2984" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v" }, { "reference_url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/" } ], "url": "https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2984", "reference_id": "CVE-2023-2984", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2984" }, { "reference_url": "https://github.com/advisories/GHSA-46g3-f9r8-xj4v", "reference_id": "GHSA-46g3-f9r8-xj4v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46g3-f9r8-xj4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65283?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.22" } ], "aliases": [ "CVE-2023-2984", "GHSA-46g3-f9r8-xj4v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcpz-9zjx-q3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44790?format=api", "vulnerability_id": "VCID-tn1v-4yx7-8uat", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03889", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0389", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03903", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03905", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1701" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14721.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14721.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r" }, { "reference_url": "https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/" } ], "url": "https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1701", "reference_id": "CVE-2023-1701", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1701" }, { "reference_url": "https://github.com/advisories/GHSA-6mmf-qm37-pmgg", "reference_id": "GHSA-6mmf-qm37-pmgg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mmf-qm37-pmgg" }, { "reference_url": "https://github.com/advisories/GHSA-7r35-chv4-xr3r", "reference_id": "GHSA-7r35-chv4-xr3r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7r35-chv4-xr3r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64449?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1701", "GHSA-6mmf-qm37-pmgg", "GHSA-7r35-chv4-xr3r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tn1v-4yx7-8uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45064?format=api", "vulnerability_id": "VCID-tx4m-dken-57hp", "summary": "Cross-site Scripting (XSS) in Conditions tab of Pricing Rules\nThis vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2332", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00102", "published_at": "2026-06-07T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00101", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2332" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe" }, { "reference_url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/" } ], "url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332", "reference_id": "CVE-2023-2332", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332" }, { "reference_url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "GHSA-r7mm-jx6h-hv7m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "GHSA-r7mm-jx6h-hv7m", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2332", "GHSA-r7mm-jx6h-hv7m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx4m-dken-57hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45702?format=api", "vulnerability_id": "VCID-u66z-9utb-7uf2", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3820", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41187", "scoring_system": "epss", "scoring_elements": "0.97474", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3820" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq" }, { "reference_url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/" } ], "url": "https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3820", "reference_id": "CVE-2023-3820", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3820" }, { "reference_url": "https://github.com/advisories/GHSA-c9hw-557q-f8hq", "reference_id": "GHSA-c9hw-557q-f8hq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c9hw-557q-f8hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66223?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3820", "GHSA-c9hw-557q-f8hq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u66z-9utb-7uf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45700?format=api", "vulnerability_id": "VCID-u889-d2cm-2kfk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00387", "published_at": "2026-06-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00392", "published_at": "2026-06-06T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0039", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3821" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c" }, { "reference_url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/" } ], "url": "https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3821", "reference_id": "CVE-2023-3821", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3821" }, { "reference_url": "https://github.com/advisories/GHSA-78q2-cv3p-x9fm", "reference_id": "GHSA-78q2-cv3p-x9fm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78q2-cv3p-x9fm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66223?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3821", "GHSA-78q2-cv3p-x9fm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u889-d2cm-2kfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45703?format=api", "vulnerability_id": "VCID-upfw-kpy5-3qd8", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3819", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00059", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3819" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q" }, { "reference_url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/" } ], "url": "https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3819", "reference_id": "CVE-2023-3819", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3819" }, { "reference_url": "https://github.com/advisories/GHSA-r87r-982q-2c3q", "reference_id": "GHSA-r87r-982q-2c3q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r87r-982q-2c3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66223?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4" } ], "aliases": [ "CVE-2023-3819", "GHSA-r87r-982q-2c3q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upfw-kpy5-3qd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44788?format=api", "vulnerability_id": "VCID-upjh-4jdt-xbgd", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1703", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0089", "published_at": "2026-06-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00891", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1703" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v" }, { "reference_url": "https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/" } ], "url": "https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1703", "reference_id": "CVE-2023-1703", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1703" }, { "reference_url": "https://github.com/advisories/GHSA-3r5c-h7g6-cqw7", "reference_id": "GHSA-3r5c-h7g6-cqw7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3r5c-h7g6-cqw7" }, { "reference_url": "https://github.com/advisories/GHSA-4f25-2x2c-vg6v", "reference_id": "GHSA-4f25-2x2c-vg6v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4f25-2x2c-vg6v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64449?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1703", "GHSA-3r5c-h7g6-cqw7", "GHSA-4f25-2x2c-vg6v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-upjh-4jdt-xbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46395?format=api", "vulnerability_id": "VCID-vqdy-2yzt-7qdf", "summary": "Cross-Site Request Forgery (CSRF)\nPimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47637", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7572", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.7572", "scoring_system": "epss", "scoring_elements": "0.98924", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47637" }, { "reference_url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47637", "reference_id": "CVE-2023-47637", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47637" }, { "reference_url": "https://github.com/advisories/GHSA-72hh-xf79-429p", "reference_id": "GHSA-72hh-xf79-429p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-72hh-xf79-429p" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p", "reference_id": "GHSA-72hh-xf79-429p", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67743?format=api", "purl": "pkg:composer/pimcore/pimcore@11.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-cn4e-nsm4-e3fv" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-u5a1-c9ar-3kg6" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.1" } ], "aliases": [ "CVE-2023-47637", "GHSA-72hh-xf79-429p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqdy-2yzt-7qdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44705?format=api", "vulnerability_id": "VCID-vra6-hemr-kuf1", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08002", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08017", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28438" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14526", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14526" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28438", "reference_id": "CVE-2023-28438", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28438" }, { "reference_url": "https://github.com/advisories/GHSA-vf7q-g2pv-jxvx", "reference_id": "GHSA-vf7q-g2pv-jxvx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vf7q-g2pv-jxvx" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx", "reference_id": "GHSA-vf7q-g2pv-jxvx", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28438", "GHSA-vf7q-g2pv-jxvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vra6-hemr-kuf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44693?format=api", "vulnerability_id": "VCID-vser-cuam-k7hs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0347", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03474", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03491", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03478", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1517" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14631", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14631" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14631.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/14631.patch" }, { "reference_url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/" } ], "url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d" }, { "reference_url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1517", "reference_id": "CVE-2023-1517", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1517" }, { "reference_url": "https://github.com/advisories/GHSA-42x8-2v53-pqmj", "reference_id": "GHSA-42x8-2v53-pqmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-42x8-2v53-pqmj" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj", "reference_id": "GHSA-42x8-2v53-pqmj", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1517", "GHSA-42x8-2v53-pqmj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vser-cuam-k7hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45082?format=api", "vulnerability_id": "VCID-w2hy-y2fn-m7gz", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20255", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20209", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20247", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30850" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14952", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14952" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850", "reference_id": "CVE-2023-30850", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850" }, { "reference_url": "https://github.com/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwg4-qcgv-5wg6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30850", "GHSA-jwg4-qcgv-5wg6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2hy-y2fn-m7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44539?format=api", "vulnerability_id": "VCID-w2nk-gqyj-3yay", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04571", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04572", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04597", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04584", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1067" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf" }, { "reference_url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/" } ], "url": "https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1067", "reference_id": "CVE-2023-1067", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1067" }, { "reference_url": "https://github.com/advisories/GHSA-f2jh-mf2c-8278", "reference_id": "GHSA-f2jh-mf2c-8278", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2jh-mf2c-8278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64071?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-1067", "GHSA-f2jh-mf2c-8278" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2nk-gqyj-3yay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44678?format=api", "vulnerability_id": "VCID-wj8w-76xv-jucd", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04571", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04572", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04597", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04584", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1429" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5" }, { "reference_url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/" } ], "url": "https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1429", "reference_id": "CVE-2023-1429", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1429" }, { "reference_url": "https://github.com/advisories/GHSA-3223-w774-99fq", "reference_id": "GHSA-3223-w774-99fq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3223-w774-99fq" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq", "reference_id": "GHSA-3223-w774-99fq", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-1429", "GHSA-3223-w774-99fq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wj8w-76xv-jucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45887?format=api", "vulnerability_id": "VCID-wneb-ka1d-rfbw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4453", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00116", "published_at": "2026-06-07T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00118", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4453" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e" }, { "reference_url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/" } ], "url": "https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4453", "reference_id": "CVE-2023-4453", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4453" }, { "reference_url": "https://github.com/advisories/GHSA-599v-h3q5-g6r9", "reference_id": "GHSA-599v-h3q5-g6r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-599v-h3q5-g6r9" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9", "reference_id": "GHSA-599v-h3q5-g6r9", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66613?format=api", "purl": "pkg:composer/pimcore/pimcore@10.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/69875?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0-ALPHA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1" } ], "aliases": [ "CVE-2023-4453", "GHSA-599v-h3q5-g6r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wneb-ka1d-rfbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44691?format=api", "vulnerability_id": "VCID-wrtm-zhun-ffbt", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nPimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01619", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01626", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28429" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14574", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14574" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14574.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/14574.patch" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28429", "reference_id": "CVE-2023-28429", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28429" }, { "reference_url": "https://github.com/advisories/GHSA-rcg9-hrhx-6q69", "reference_id": "GHSA-rcg9-hrhx-6q69", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rcg9-hrhx-6q69" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69", "reference_id": "GHSA-rcg9-hrhx-6q69", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "CVE-2023-28429", "GHSA-rcg9-hrhx-6q69" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrtm-zhun-ffbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44677?format=api", "vulnerability_id": "VCID-xks7-nx83-9khy", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/advisories/GHSA-rrwm-8wqm-gwgv", "reference_id": "GHSA-rrwm-8wqm-gwgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrwm-8wqm-gwgv" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv", "reference_id": "GHSA-rrwm-8wqm-gwgv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64267?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19" } ], "aliases": [ "GHSA-rrwm-8wqm-gwgv", "GMS-2023-781" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xks7-nx83-9khy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49721?format=api", "vulnerability_id": "VCID-xvhk-gv9z-53hb", "summary": "Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on \"Static Routes\" Listing\nThe application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This violates OWASP A01:2021 Broken Access Control, as function-level authorization is absent, allowing unauthorized access to internal routing metadata. Without validation, the endpoint exposes route structures, potentially revealing application architecture, endpoints, or custom logic intended for administrative roles only.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23494", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "0.00014", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23494" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18893", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18893" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23494", "reference_id": "CVE-2026-23494", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23494" }, { "reference_url": "https://github.com/advisories/GHSA-m3r2-724c-pwgf", "reference_id": "GHSA-m3r2-724c-pwgf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3r2-724c-pwgf" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf", "reference_id": "GHSA-m3r2-724c-pwgf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73400?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/73399?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23494", "GHSA-m3r2-724c-pwgf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhk-gv9z-53hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49716?format=api", "vulnerability_id": "VCID-yrnf-q3z4-jfh1", "summary": "Pimcore ENV Variables and Cookie Informations are exposed in http_error_log\nThe http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23493", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "5e-05", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23493" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/18918", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/pull/18918" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v11.5.14" }, { "reference_url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/releases/tag/v12.3.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23493", "reference_id": "CVE-2026-23493", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23493" }, { "reference_url": "https://github.com/advisories/GHSA-q433-j342-rp9h", "reference_id": "GHSA-q433-j342-rp9h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q433-j342-rp9h" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h", "reference_id": "GHSA-q433-j342-rp9h", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73400?format=api", "purl": "pkg:composer/pimcore/pimcore@11.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/73399?format=api", "purl": "pkg:composer/pimcore/pimcore@12.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmpr-1fgb-jqea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1" } ], "aliases": [ "CVE-2026-23493", "GHSA-q433-j342-rp9h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrnf-q3z4-jfh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44614?format=api", "vulnerability_id": "VCID-znuu-45u6-5uc7", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd" }, { "reference_url": "https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1247", "reference_id": "CVE-2023-1247", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1247" }, { "reference_url": "https://github.com/advisories/GHSA-8wg7-88cg-7p9j", "reference_id": "GHSA-8wg7-88cg-7p9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wg7-88cg-7p9j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64229?format=api", "purl": "pkg:composer/pimcore/pimcore@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-4n21-ae6m-3qhk" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-u5a1-c9ar-3kg6" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0" } ], "aliases": [ "CVE-2023-1247", "GHSA-8wg7-88cg-7p9j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znuu-45u6-5uc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45155?format=api", "vulnerability_id": "VCID-zrfm-ght3-yfht", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01359", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01363", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2615" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f" }, { "reference_url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/" } ], "url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615", "reference_id": "CVE-2023-2615", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615" }, { "reference_url": "https://github.com/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "GHSA-q7cc-m6jw-m262", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q7cc-m6jw-m262" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "GHSA-q7cc-m6jw-m262", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2615", "GHSA-q7cc-m6jw-m262" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfm-ght3-yfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45076?format=api", "vulnerability_id": "VCID-zybv-3qck-dqgs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04571", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04584", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04597", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2328" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe" }, { "reference_url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/" } ], "url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328", "reference_id": "CVE-2023-2328", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328" }, { "reference_url": "https://github.com/advisories/GHSA-2295-vh28-pphc", "reference_id": "GHSA-2295-vh28-pphc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2295-vh28-pphc" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc", "reference_id": "GHSA-2295-vh28-pphc", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2328", "GHSA-2295-vh28-pphc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zybv-3qck-dqgs" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44196?format=api", "vulnerability_id": "VCID-3554-b9ab-rqc9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0323", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00216", "published_at": "2026-06-05T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00215", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0323" }, { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/" } ], "url": "https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/13916.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/pull/13916.patch" }, { "reference_url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/" } ], "url": "https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0323", "reference_id": "CVE-2023-0323", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0323" }, { "reference_url": "https://github.com/advisories/GHSA-6vf6-g3pr-j83h", "reference_id": "GHSA-6vf6-g3pr-j83h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vf6-g3pr-j83h" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h", "reference_id": "GHSA-6vf6-g3pr-j83h", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63577?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qrb-ra1y-1uf3" }, { "vulnerability": "VCID-21s4-mb97-v7bh" }, { "vulnerability": "VCID-29a6-htj3-z3dr" }, { "vulnerability": "VCID-2gzw-gxs8-zkbq" }, { "vulnerability": "VCID-3qx3-fvbw-3fay" }, { "vulnerability": "VCID-53nb-8vf3-9ubb" }, { "vulnerability": "VCID-6p5t-7h74-gueh" }, { "vulnerability": "VCID-8p88-g4b6-sfg3" }, { "vulnerability": "VCID-b358-dxdm-vqe7" }, { "vulnerability": "VCID-b5sk-cu89-hubw" }, { "vulnerability": "VCID-begq-psyd-fyh3" }, { "vulnerability": "VCID-bqh2-mx6q-pygq" }, { "vulnerability": "VCID-c2ht-41t3-eqaq" }, { "vulnerability": "VCID-ccyy-h9dp-cya2" }, { "vulnerability": "VCID-cndq-yx1e-jkg7" }, { "vulnerability": "VCID-cr5h-bz5b-jufg" }, { "vulnerability": "VCID-cyfe-vput-1fbk" }, { "vulnerability": "VCID-d3ns-rfuc-dkdp" }, { "vulnerability": "VCID-d6cw-a4th-eueu" }, { "vulnerability": "VCID-dmrj-fj5a-vqbh" }, { "vulnerability": "VCID-e35r-qy72-4uaj" }, { "vulnerability": "VCID-e9sz-xvw9-4fbb" }, { "vulnerability": "VCID-fjvx-uvar-6fcq" }, { "vulnerability": "VCID-fk9y-7e4h-3uey" }, { "vulnerability": "VCID-fzt2-896e-wudc" }, { "vulnerability": "VCID-g8h5-e165-1bay" }, { "vulnerability": "VCID-g8ha-yccg-p3f8" }, { "vulnerability": "VCID-hmpr-1fgb-jqea" }, { "vulnerability": "VCID-j8d3-zaj3-xuax" }, { "vulnerability": "VCID-jmdu-dpju-abee" }, { "vulnerability": "VCID-kb9x-es6p-73eh" }, { "vulnerability": "VCID-kw4t-2xte-b3du" }, { "vulnerability": "VCID-m5ct-vypc-kbgv" }, { "vulnerability": "VCID-muk7-qswq-j3cy" }, { "vulnerability": "VCID-n6ne-ucpz-u3bb" }, { "vulnerability": "VCID-nnem-28fp-xugy" }, { "vulnerability": "VCID-p3g5-vbhk-h3h7" }, { "vulnerability": "VCID-ppum-bu2e-b3hr" }, { "vulnerability": "VCID-q4w5-13sd-xfdr" }, { "vulnerability": "VCID-s6xd-j7a8-u3c8" }, { "vulnerability": "VCID-tcpz-9zjx-q3c7" }, { "vulnerability": "VCID-tn1v-4yx7-8uat" }, { "vulnerability": "VCID-tx4m-dken-57hp" }, { "vulnerability": "VCID-u66z-9utb-7uf2" }, { "vulnerability": "VCID-u889-d2cm-2kfk" }, { "vulnerability": "VCID-upfw-kpy5-3qd8" }, { "vulnerability": "VCID-upjh-4jdt-xbgd" }, { "vulnerability": "VCID-vqdy-2yzt-7qdf" }, { "vulnerability": "VCID-vra6-hemr-kuf1" }, { "vulnerability": "VCID-vser-cuam-k7hs" }, { "vulnerability": "VCID-w2hy-y2fn-m7gz" }, { "vulnerability": "VCID-w2nk-gqyj-3yay" }, { "vulnerability": "VCID-wj8w-76xv-jucd" }, { "vulnerability": "VCID-wneb-ka1d-rfbw" }, { "vulnerability": "VCID-wrtm-zhun-ffbt" }, { "vulnerability": "VCID-xks7-nx83-9khy" }, { "vulnerability": "VCID-xvhk-gv9z-53hb" }, { "vulnerability": "VCID-yrnf-q3z4-jfh1" }, { "vulnerability": "VCID-znuu-45u6-5uc7" }, { "vulnerability": "VCID-zrfm-ght3-yfht" }, { "vulnerability": "VCID-zybv-3qck-dqgs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.14" } ], "aliases": [ "CVE-2023-0323", "GHSA-6vf6-g3pr-j83h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3554-b9ab-rqc9" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.14" }