{"url":"http://public2.vulnerablecode.io/api/packages/232287?format=json","purl":"pkg:composer/pimcore/pimcore@4.6.5","type":"composer","namespace":"pimcore","name":"pimcore","version":"4.6.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.1.6+1","latest_non_vulnerable_version":"12.3.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44704?format=json","vulnerability_id":"VCID-1qrb-ra1y-1uf3","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1578","reference_id":"","reference_type":"","scores":[{"value":"0.03609","scoring_system":"epss","scoring_elements":"0.87992","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03609","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1578"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/"}],"url":"https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14538","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14538"},{"reference_url":"https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-25T19:51:39Z/"}],"url":"https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e"},{"reference_url":"https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/7e441a14-8e55-4ab4-932c-4dc56bb1bc2e/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1578","reference_id":"CVE-2023-1578","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1578"},{"reference_url":"https://github.com/advisories/GHSA-42c3-wvww-gcqj","reference_id":"GHSA-42c3-wvww-gcqj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-42c3-wvww-gcqj"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj","reference_id":"GHSA-42c3-wvww-gcqj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-42c3-wvww-gcqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-1578","GHSA-42c3-wvww-gcqj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qrb-ra1y-1uf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56789?format=json","vulnerability_id":"VCID-21s4-mb97-v7bh","summary":"Pimcore Vulnerable to SQL Injection in getRelationFilterCondition\nAuthenticated users can craft a filter string used to cause a SQL injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27617","reference_id":"","reference_type":"","scores":[{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68138","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27617"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/"}],"url":"https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Extension/RelationFilterConditionParser.php#L29-L47"},{"reference_url":"https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/"}],"url":"https://github.com/pimcore/pimcore/blob/c721a42c23efffd4ca916511ddb969598d302396/models/DataObject/ClassDefinition/Data/Multiselect.php#L332-L347"},{"reference_url":"https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/"}],"url":"https://github.com/pimcore/pimcore/commit/19a8520895484e68fd254773e32476565d91deea"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27617","reference_id":"CVE-2025-27617","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27617"},{"reference_url":"https://github.com/advisories/GHSA-qjpx-5m2p-5pgh","reference_id":"GHSA-qjpx-5m2p-5pgh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qjpx-5m2p-5pgh"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh","reference_id":"GHSA-qjpx-5m2p-5pgh","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-12T15:29:36Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qjpx-5m2p-5pgh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84329?format=json","purl":"pkg:composer/pimcore/pimcore@11.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.4"}],"aliases":["CVE-2025-27617","GHSA-qjpx-5m2p-5pgh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21s4-mb97-v7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42869?format=json","vulnerability_id":"VCID-23ea-6aqe-37eb","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1219","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40017","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1219"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/a697830359df06246acca502ee2455614de68017"},{"reference_url":"https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/f700bd18-1fd3-4a05-867f-07176aebc7f6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1219","reference_id":"CVE-2022-1219","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1219"},{"reference_url":"https://github.com/advisories/GHSA-6gm7-j668-w6h9","reference_id":"GHSA-6gm7-j668-w6h9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gm7-j668-w6h9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61297?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5"}],"aliases":["CVE-2022-1219","GHSA-6gm7-j668-w6h9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23ea-6aqe-37eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44783?format=json","vulnerability_id":"VCID-29a6-htj3-z3dr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1702","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02708","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02696","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1702"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/"}],"url":"https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14721.patch","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14721.patch"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6qjm-39vh-729w"},{"reference_url":"https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:51:36Z/"}],"url":"https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1702","reference_id":"CVE-2023-1702","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1702"},{"reference_url":"https://github.com/advisories/GHSA-69fc-v223-6rjw","reference_id":"GHSA-69fc-v223-6rjw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-69fc-v223-6rjw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64449?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1702","GHSA-69fc-v223-6rjw","GHSA-6qjm-39vh-729w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29a6-htj3-z3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45304?format=json","vulnerability_id":"VCID-2gzw-gxs8-zkbq","summary":"Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2983","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01048","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2983"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/"}],"url":"https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m4mv-rmr7-h5f5"},{"reference_url":"https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T20:52:11Z/"}],"url":"https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2983","reference_id":"CVE-2023-2983","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2983"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65285?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.23"}],"aliases":["CVE-2023-2983","GHSA-m4mv-rmr7-h5f5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gzw-gxs8-zkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44196?format=json","vulnerability_id":"VCID-3554-b9ab-rqc9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0323","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00216","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0323"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/"}],"url":"https://github.com/pimcore/pimcore/commit/746fac1a342841624f63ab13edcd340358e1bc04"},{"reference_url":"https://github.com/pimcore/pimcore/pull/13916.patch","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/13916.patch"},{"reference_url":"https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:07:52Z/"}],"url":"https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0323","reference_id":"CVE-2023-0323","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0323"},{"reference_url":"https://github.com/advisories/GHSA-6vf6-g3pr-j83h","reference_id":"GHSA-6vf6-g3pr-j83h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6vf6-g3pr-j83h"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h","reference_id":"GHSA-6vf6-g3pr-j83h","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6vf6-g3pr-j83h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63577?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.14"}],"aliases":["CVE-2023-0323","GHSA-6vf6-g3pr-j83h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3554-b9ab-rqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44683?format=json","vulnerability_id":"VCID-3qx3-fvbw-3fay","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28108","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03389","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28108"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/"}],"url":"https://github.com/pimcore/pimcore/commit/08e7ba56ae983c3c67ec563b6989b16ef8f35275.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14633","reference_id":"","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14633"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28108","reference_id":"CVE-2023-28108","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28108"},{"reference_url":"https://github.com/advisories/GHSA-xc9p-r5qj-8xm9","reference_id":"GHSA-xc9p-r5qj-8xm9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xc9p-r5qj-8xm9"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9","reference_id":"GHSA-xc9p-r5qj-8xm9","reference_type":"","scores":[{"value":"7.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:29:15Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-xc9p-r5qj-8xm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-28108","GHSA-xc9p-r5qj-8xm9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qx3-fvbw-3fay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42500?format=json","vulnerability_id":"VCID-3y83-5tzw-g3h3","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPath Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0665","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05571","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0665"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/28945649a6234ccaa8c94c6cd83d1954603baf3e"},{"reference_url":"https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/423df64d-c591-4ad9-bf1c-411bcbc06ba3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0665","reference_id":"CVE-2022-0665","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0665"},{"reference_url":"https://github.com/advisories/GHSA-gjq4-69wj-p6pr","reference_id":"GHSA-gjq4-69wj-p6pr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjq4-69wj-p6pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60768?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.2"}],"aliases":["CVE-2022-0665","GHSA-gjq4-69wj-p6pr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3y83-5tzw-g3h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42096?format=json","vulnerability_id":"VCID-42wv-rbrs-43eh","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0262","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13788","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13864","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0262"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6f36e841ce55f67e2e95253dd58f80659ef166c7"},{"reference_url":"https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/b38a4e14-5dcb-4e49-9990-494dc2a8fa0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0262","reference_id":"CVE-2022-0262","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0262"},{"reference_url":"https://github.com/advisories/GHSA-4f5x-q4jc-xfcf","reference_id":"GHSA-4f5x-q4jc-xfcf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f5x-q4jc-xfcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59900?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7"}],"aliases":["CVE-2022-0262","GHSA-4f5x-q4jc-xfcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42wv-rbrs-43eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51810?format=json","vulnerability_id":"VCID-4p1e-dst2-3yax","summary":"Deserialization of Untrusted Data\nIn Pimcore an attacker with limited privileges can trigger execution of a .phar file via a `phar://` URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the `phar://../../../../../../../../var/www/html/web/var/assets/` directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16317","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01484","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01492","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16317"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6ee5d8536d0802e377594cbe39083e822710aab9"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451599"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16317","reference_id":"CVE-2019-16317","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16317"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57727?format=json","purl":"pkg:composer/pimcore/pimcore@5.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-utnk-dp6a-w3gf"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yq5e-ruk6-9ud2"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-yxfb-p2aw-t3ga"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1"}],"aliases":["CVE-2019-16317","GHSA-352x-hc2f-fwff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4p1e-dst2-3yax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49707?format=json","vulnerability_id":"VCID-53nb-8vf3-9ubb","summary":"Pimcore Has an Incomplete Patch for CVE-2023-30848\nAn **incomplete SQL injection patch** in the Admin Search Find API allows an authenticated attacker to perform **blind SQL injection**.\nAlthough CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments (--) and catching syntax errors, the fix is insufficient. Attackers can still inject SQL payloads that do not rely on comments and infer database information via blind techniques. This vulnerability affects the admin interface and can lead to **database information disclosure**.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23492","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0025","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23492"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/"}],"url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23492","reference_id":"CVE-2026-23492","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23492"},{"reference_url":"https://github.com/advisories/GHSA-6mhm-gcpf-5gr8","reference_id":"GHSA-6mhm-gcpf-5gr8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mhm-gcpf-5gr8"},{"reference_url":"https://github.com/advisories/GHSA-qvr7-7g55-69xj","reference_id":"GHSA-qvr7-7g55-69xj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvr7-7g55-69xj"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj","reference_id":"GHSA-qvr7-7g55-69xj","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-14T21:14:38Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qvr7-7g55-69xj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73400?format=json","purl":"pkg:composer/pimcore/pimcore@11.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/73399?format=json","purl":"pkg:composer/pimcore/pimcore@12.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1"}],"aliases":["CVE-2026-23492","GHSA-qvr7-7g55-69xj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53nb-8vf3-9ubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42091?format=json","vulnerability_id":"VCID-66tj-dw5v-kqdm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0260","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08316","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0260"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pimcore/pimcore/commit/3125d5f0c04cfb5835857ca9416f0bb143130a2f"},{"reference_url":"https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/665976327ad3c2c87efa2a5a64d696032c0a8109"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11205","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11205"},{"reference_url":"https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/89e4ab60-21ec-4396-92ad-5b78d4c2897e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0260","reference_id":"CVE-2022-0260","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0260"},{"reference_url":"https://github.com/advisories/GHSA-455w-gv5p-wgg3","reference_id":"GHSA-455w-gv5p-wgg3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-455w-gv5p-wgg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59900?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2022-0260","GHSA-455w-gv5p-wgg3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66tj-dw5v-kqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45087?format=json","vulnerability_id":"VCID-6p5t-7h74-gueh","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPath Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2336","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01585","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2336"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/"}],"url":"https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4"},{"reference_url":"https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:50:58Z/"}],"url":"https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2336","reference_id":"CVE-2023-2336","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2336"},{"reference_url":"https://github.com/advisories/GHSA-hg77-vx9v-f49x","reference_id":"GHSA-hg77-vx9v-f49x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hg77-vx9v-f49x"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x","reference_id":"GHSA-hg77-vx9v-f49x","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2336","GHSA-hg77-vx9v-f49x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6p5t-7h74-gueh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41921?format=json","vulnerability_id":"VCID-6sy7-7q66-g3b2","summary":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4139","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08234","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4139"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/d5c3e876d910784000335061c3bd24d301351245"},{"reference_url":"https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/6ec59e43-095f-4ba3-8b75-e92250da8e3a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4139","reference_id":"CVE-2021-4139","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4139"},{"reference_url":"https://github.com/advisories/GHSA-8xx9-rxrj-2m2w","reference_id":"GHSA-8xx9-rxrj-2m2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xx9-rxrj-2m2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59900?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7"}],"aliases":["CVE-2021-4139","GHSA-8xx9-rxrj-2m2w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6sy7-7q66-g3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42084?format=json","vulnerability_id":"VCID-7km3-dmkc-dygb","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\npimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0258","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09679","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09719","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0258"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/66281c12479dc01a06258d8533eaddfb1770d5bd"},{"reference_url":"https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0df891e4-6412-4d9a-a9b7-d9df50311802"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0258","reference_id":"CVE-2022-0258","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0258"},{"reference_url":"https://github.com/advisories/GHSA-vj9x-w7ch-f46p","reference_id":"GHSA-vj9x-w7ch-f46p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vj9x-w7ch-f46p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60190?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2022-0258","GHSA-vj9x-w7ch-f46p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7km3-dmkc-dygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42268?format=json","vulnerability_id":"VCID-8db4-zxk5-tqab","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0509","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17089","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17166","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0509"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6ccb5c12fc1be065ebce9c89c4677ee939b88597"},{"reference_url":"https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/26cdf86c-8edc-4af6-8411-d569699ecd1b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0509","reference_id":"CVE-2022-0509","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0509"},{"reference_url":"https://github.com/advisories/GHSA-cg3h-rc9q-g8v9","reference_id":"GHSA-cg3h-rc9q-g8v9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg3h-rc9q-g8v9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"}],"aliases":["CVE-2022-0509","GHSA-cg3h-rc9q-g8v9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8db4-zxk5-tqab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42118?format=json","vulnerability_id":"VCID-8mnw-8egh-cycq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored XSS in Packagist pimcore/pimcore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0285","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14484","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14554","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0285"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/b432225952e2a5ab0268f401b85a14480369b835"},{"reference_url":"https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/321918b2-aa01-410e-9f7c-dca5f286bc9c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0285","reference_id":"CVE-2022-0285","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0285"},{"reference_url":"https://github.com/advisories/GHSA-pm3v-qxf6-fgxv","reference_id":"GHSA-pm3v-qxf6-fgxv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm3v-qxf6-fgxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2022-0285","GHSA-pm3v-qxf6-fgxv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mnw-8egh-cycq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44360?format=json","vulnerability_id":"VCID-8p88-g4b6-sfg3","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23937","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0174","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01749","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23937"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/"}],"url":"https://github.com/pimcore/pimcore/commit/75a448ef8ac74424cf4e723afeb6d05f9eed872f"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14125","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14125"},{"reference_url":"https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38"},{"reference_url":"https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/aa7ee076-d729-4fcc-9bcc-48bcbb8eac38/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23937","reference_id":"CVE-2023-23937","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23937"},{"reference_url":"https://github.com/advisories/GHSA-8xv4-jj4h-qww6","reference_id":"GHSA-8xv4-jj4h-qww6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8xv4-jj4h-qww6"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6","reference_id":"GHSA-8xv4-jj4h-qww6","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:14Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-8xv4-jj4h-qww6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63828?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.16"}],"aliases":["CVE-2023-23937","GHSA-8xv4-jj4h-qww6","GMS-2023-222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8p88-g4b6-sfg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41843?format=json","vulnerability_id":"VCID-91fn-ycss-c3c1","summary":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4084","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07557","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4084"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065"},{"reference_url":"https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4084","reference_id":"CVE-2021-4084","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4084"},{"reference_url":"https://github.com/advisories/GHSA-8w3x-r6x7-c5r5","reference_id":"GHSA-8w3x-r6x7-c5r5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w3x-r6x7-c5r5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59768?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6"}],"aliases":["CVE-2021-4084","GHSA-8w3x-r6x7-c5r5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91fn-ycss-c3c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54086?format=json","vulnerability_id":"VCID-9k8b-a52b-47fx","summary":"Path Traversal\nA Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the `CustomReportController` class.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23340","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06695","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06663","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23340"},{"reference_url":"https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/blob/v6.7.2/bundles/AdminBundle/Controller/Reports/CustomReportController.php%23L454"},{"reference_url":"https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/1786bdd4962ee51544fad537352c2b4223309442"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1070132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23340","reference_id":"CVE-2021-23340","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79787?format=json","purl":"pkg:composer/pimcore/pimcore@6.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.8"}],"aliases":["CVE-2021-23340","GHSA-h7f9-cvh5-qw7f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9k8b-a52b-47fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41334?format=json","vulnerability_id":"VCID-a66j-sth4-d3dc","summary":"CKEditor 4 vulnerabilities in versions <4.16.1\nDetails see: \n\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc ( CVE-2021-37695 )\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c ( CVE-2021-32808 )\nhttps://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg  ( CVE-2021-32809 )\n\nPatch: \nhttps://github.com/pimcore/pimcore/pull/10032","references":[{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a"},{"reference_url":"https://github.com/advisories/GHSA-cfcv-q4qq-2ph4","reference_id":"GHSA-cfcv-q4qq-2ph4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cfcv-q4qq-2ph4"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4","reference_id":"GHSA-cfcv-q4qq-2ph4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58720?format=json","purl":"pkg:composer/pimcore/pimcore@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1"}],"aliases":["GHSA-cfcv-q4qq-2ph4","GMS-2021-117"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a66j-sth4-d3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42676?format=json","vulnerability_id":"VCID-a9rr-m13m-yuc6","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0893","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0893"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11447"},{"reference_url":"https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/2859a1c1-941c-4efc-a3ad-a0657c7a77e9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0893","reference_id":"CVE-2022-0893","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0893"},{"reference_url":"https://github.com/advisories/GHSA-g795-4hxx-qqwm","reference_id":"GHSA-g795-4hxx-qqwm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g795-4hxx-qqwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-0893","GHSA-g795-4hxx-qqwm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rr-m13m-yuc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45658?format=json","vulnerability_id":"VCID-b358-dxdm-vqe7","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3673","reference_id":"","reference_type":"","scores":[{"value":"0.11372","scoring_system":"epss","scoring_elements":"0.93699","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3673"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/"}],"url":"https://github.com/pimcore/pimcore/commit/a06ce0abdba19ae0eefc38b035e677f8f0c2bce9"},{"reference_url":"https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-22T15:08:39Z/"}],"url":"https://huntr.dev/bounties/46ca0934-5260-477b-9e86-7b16bb18d0a9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3673","reference_id":"CVE-2023-3673","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66144?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.24"}],"aliases":["CVE-2023-3673","GHSA-rxp5-qwrf-pfv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b358-dxdm-vqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44468?format=json","vulnerability_id":"VCID-b5sk-cu89-hubw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.","references":[{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/advisories/GHSA-76r7-h46w-463r","reference_id":"GHSA-76r7-h46w-463r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-76r7-h46w-463r"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r","reference_id":"GHSA-76r7-h46w-463r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-76r7-h46w-463r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63968?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.17"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["GHSA-76r7-h46w-463r","GMS-2023-363"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5sk-cu89-hubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42097?format=json","vulnerability_id":"VCID-b8x1-6xn4-c7gm","summary":"Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0263","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00208","published_at":"2026-06-04T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00207","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0263"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/35d1853baf64d6a1d90fd8803e52439da53a3911"},{"reference_url":"https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/96506857-06bc-4c84-88b7-4f397715bcf6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0263","reference_id":"CVE-2022-0263","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0263"},{"reference_url":"https://github.com/advisories/GHSA-c697-r227-pq6h","reference_id":"GHSA-c697-r227-pq6h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c697-r227-pq6h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59900?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.7"}],"aliases":["CVE-2022-0263","GHSA-c697-r227-pq6h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8x1-6xn4-c7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45153?format=json","vulnerability_id":"VCID-begq-psyd-fyh3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2630","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2630"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/"}],"url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38"},{"reference_url":"https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:39:45Z/"}],"url":"https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2630","reference_id":"CVE-2023-2630","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2630"},{"reference_url":"https://github.com/advisories/GHSA-w766-3572-f2hv","reference_id":"GHSA-w766-3572-f2hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w766-3572-f2hv"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv","reference_id":"GHSA-w766-3572-f2hv","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2630","GHSA-w766-3572-f2hv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-begq-psyd-fyh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45086?format=json","vulnerability_id":"VCID-bqh2-mx6q-pygq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2323","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0068","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2323"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/"}],"url":"https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e"},{"reference_url":"https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:50Z/"}],"url":"https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2323","reference_id":"CVE-2023-2323","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2323"},{"reference_url":"https://github.com/advisories/GHSA-cjv6-w5hf-5wr6","reference_id":"GHSA-cjv6-w5hf-5wr6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cjv6-w5hf-5wr6"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6","reference_id":"GHSA-cjv6-w5hf-5wr6","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2323","GHSA-cjv6-w5hf-5wr6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqh2-mx6q-pygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44781?format=json","vulnerability_id":"VCID-c2ht-41t3-eqaq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1704","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03524","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03517","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1704"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/"}],"url":"https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14732.patch","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14732.patch"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444"},{"reference_url":"https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:30:59Z/"}],"url":"https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1704","reference_id":"CVE-2023-1704","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1704"},{"reference_url":"https://github.com/advisories/GHSA-rp78-4562-gx3c","reference_id":"GHSA-rp78-4562-gx3c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rp78-4562-gx3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64449?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1704","GHSA-hfmg-g39c-5444","GHSA-rp78-4562-gx3c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2ht-41t3-eqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42266?format=json","vulnerability_id":"VCID-c8ex-6vwd-zkd4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0510","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12675","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12759","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0510"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/b5a9ad65e5a4dde1916f02019f8686ad835681ce"},{"reference_url":"https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/bb3525d5-dedc-48b8-ab04-ad4c72499abe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0510","reference_id":"CVE-2022-0510","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0510"},{"reference_url":"https://github.com/advisories/GHSA-mxh3-2699-98g9","reference_id":"GHSA-mxh3-2699-98g9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxh3-2699-98g9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"}],"aliases":["CVE-2022-0510","GHSA-mxh3-2699-98g9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ex-6vwd-zkd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45063?format=json","vulnerability_id":"VCID-ccyy-h9dp-cya2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2342","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02105","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2342"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/"}],"url":"https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564"},{"reference_url":"https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:31:26Z/"}],"url":"https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2342","reference_id":"CVE-2023-2342","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2342"},{"reference_url":"https://github.com/advisories/GHSA-2c67-p4xh-m34w","reference_id":"GHSA-2c67-p4xh-m34w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2c67-p4xh-m34w"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w","reference_id":"GHSA-2c67-p4xh-m34w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2342","GHSA-2c67-p4xh-m34w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccyy-h9dp-cya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45131?format=json","vulnerability_id":"VCID-cndq-yx1e-jkg7","summary":"Relative Path Traversal in pimcore/pimcore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30855","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00436","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30855"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/7f788fa44bc18bc1c9182c25e26b770a1d30b62f.patch"},{"reference_url":"https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/"}],"url":"https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14498","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14498"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30855","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30855"},{"reference_url":"https://github.com/advisories/GHSA-g2mc-fqqc-hxg3","reference_id":"GHSA-g2mc-fqqc-hxg3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g2mc-fqqc-hxg3"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3","reference_id":"GHSA-g2mc-fqqc-hxg3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T15:07:33Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-g2mc-fqqc-hxg3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64071?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18"}],"aliases":["CVE-2023-30855","GHSA-g2mc-fqqc-hxg3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cndq-yx1e-jkg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45070?format=json","vulnerability_id":"VCID-cr5h-bz5b-jufg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2343","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01022","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2343"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/"}],"url":"https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e"},{"reference_url":"https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:04:53Z/"}],"url":"https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2343","reference_id":"CVE-2023-2343","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2343"},{"reference_url":"https://github.com/advisories/GHSA-9q7q-r54q-3f3g","reference_id":"GHSA-9q7q-r54q-3f3g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9q7q-r54q-3f3g"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g","reference_id":"GHSA-9q7q-r54q-3f3g","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2343","GHSA-9q7q-r54q-3f3g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr5h-bz5b-jufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45066?format=json","vulnerability_id":"VCID-cyfe-vput-1fbk","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2341","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04367","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2341"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/"}],"url":"https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11"},{"reference_url":"https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:03Z/"}],"url":"https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2341","reference_id":"CVE-2023-2341","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2341"},{"reference_url":"https://github.com/advisories/GHSA-fq95-rx4q-qgg2","reference_id":"GHSA-fq95-rx4q-qgg2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fq95-rx4q-qgg2"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2","reference_id":"GHSA-fq95-rx4q-qgg2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2341","GHSA-fq95-rx4q-qgg2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyfe-vput-1fbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44641?format=json","vulnerability_id":"VCID-d3ns-rfuc-dkdp","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1312","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10865","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1312"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/"}],"url":"https://github.com/pimcore/pimcore/commit/d35d0712858f24d0ec96ddfd4cbe82ff4b5a5fbb"},{"reference_url":"https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T15:36:24Z/"}],"url":"https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1312","reference_id":"CVE-2023-1312","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1312"},{"reference_url":"https://github.com/advisories/GHSA-gh4g-65f6-84g5","reference_id":"GHSA-gh4g-65f6-84g5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gh4g-65f6-84g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1312","GHSA-gh4g-65f6-84g5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3ns-rfuc-dkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45085?format=json","vulnerability_id":"VCID-d6cw-a4th-eueu","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30849","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20255","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30849"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/"}],"url":"https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14968","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14968"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30849","reference_id":"CVE-2023-30849","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30849"},{"reference_url":"https://github.com/advisories/GHSA-xmg8-w465-mr56","reference_id":"GHSA-xmg8-w465-mr56","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmg8-w465-mr56"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56","reference_id":"GHSA-xmg8-w465-mr56","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-31T18:17:25Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-30849","GHSA-xmg8-w465-mr56"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6cw-a4th-eueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42088?format=json","vulnerability_id":"VCID-dakz-7vpr-ykbe","summary":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0257","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05741","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05764","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0257"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/dfaf78b26fb77990267c0cc05b9fcb9f8de7b66d"},{"reference_url":"https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/bad2073c-bbd5-4425-b3e9-c336b73ddda6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0257","reference_id":"CVE-2022-0257","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0257"},{"reference_url":"https://github.com/advisories/GHSA-v567-q267-phpg","reference_id":"GHSA-v567-q267-phpg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v567-q267-phpg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60190?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2022-0257","GHSA-v567-q267-phpg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dakz-7vpr-ykbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42963?format=json","vulnerability_id":"VCID-daqy-9srj-kkbc","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection in `GridHelperService.php` in GitHub repository pimcore/pimcore prior to 10.3.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1429","reference_id":"","reference_type":"","scores":[{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46135","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46204","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1429"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/523a735ab94f004459b84ffdfd3db784586bbd82"},{"reference_url":"https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/cfba30b4-85fa-4499-9160-cd6e3119310e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1429","reference_id":"CVE-2022-1429","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1429"},{"reference_url":"https://github.com/advisories/GHSA-2v7p-f4qm-r5pc","reference_id":"GHSA-2v7p-f4qm-r5pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v7p-f4qm-r5pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61477?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.6"}],"aliases":["CVE-2022-1429","GHSA-2v7p-f4qm-r5pc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-daqy-9srj-kkbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42197?format=json","vulnerability_id":"VCID-de2k-yy77-6yhn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA stored Cross-site Scripting (XSS) vulnrability was found in pimcore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0348","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08234","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08267","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0348"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a"},{"reference_url":"https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0348","reference_id":"CVE-2022-0348","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0348"},{"reference_url":"https://github.com/advisories/GHSA-8x44-pwr2-rgc6","reference_id":"GHSA-8x44-pwr2-rgc6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8x44-pwr2-rgc6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60292?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/146416?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10"}],"aliases":["CVE-2022-0348","GHSA-8x44-pwr2-rgc6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-de2k-yy77-6yhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109259?format=json","vulnerability_id":"VCID-dmkv-tpma-qbfn","summary":"Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users\nPimcore prior to 10.5.6 is vulnerable to stored cross-site scripting. This occurs when an attacker injects a payload when adding properties for a new user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3211","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05718","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05742","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3211"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/0508c491c6a4f3d119ec8dcf444e52ff25028c36"},{"reference_url":"https://github.com/pimcore/pimcore/pull/13129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/13129"},{"reference_url":"https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3211","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3211"},{"reference_url":"https://github.com/advisories/GHSA-4849-x3jx-45qr","reference_id":"GHSA-4849-x3jx-45qr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4849-x3jx-45qr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146080?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.6"}],"aliases":["CVE-2022-3211","GHSA-4849-x3jx-45qr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmkv-tpma-qbfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45783?format=json","vulnerability_id":"VCID-dmrj-fj5a-vqbh","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite.\nThe impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38708","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00211","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38708"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/"}],"url":"https://github.com/pimcore/pimcore/commit/58012d0e3b8b926fb54eccbd64ec5c993b30c22c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38708","reference_id":"CVE-2023-38708","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38708"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887","reference_id":"GHSA-34hj-v8fm-x887","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:21:04Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-34hj-v8fm-x887"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66447?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.7"}],"aliases":["CVE-2023-38708","GHSA-34hj-v8fm-x887"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmrj-fj5a-vqbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42089?format=json","vulnerability_id":"VCID-dt28-cwh4-gyga","summary":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0256","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01685","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01695","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0256"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7"},{"reference_url":"https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0256","reference_id":"CVE-2022-0256","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0256"},{"reference_url":"https://github.com/advisories/GHSA-57hg-26h7-9qgv","reference_id":"GHSA-57hg-26h7-9qgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57hg-26h7-9qgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60190?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2022-0256","GHSA-57hg-26h7-9qgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dt28-cwh4-gyga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45067?format=json","vulnerability_id":"VCID-e35r-qy72-4uaj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2339","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00525","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2339"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/"}],"url":"https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480"},{"reference_url":"https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T21:26:57Z/"}],"url":"https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2339","reference_id":"CVE-2023-2339","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2339"},{"reference_url":"https://github.com/advisories/GHSA-6fvf-x8c6-2f6j","reference_id":"GHSA-6fvf-x8c6-2f6j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6fvf-x8c6-2f6j"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j","reference_id":"GHSA-6fvf-x8c6-2f6j","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2339","GHSA-6fvf-x8c6-2f6j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e35r-qy72-4uaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45074?format=json","vulnerability_id":"VCID-e9sz-xvw9-4fbb","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2338","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19754","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2338"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/"}],"url":"https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520"},{"reference_url":"https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-03T16:28:43Z/"}],"url":"https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2338","reference_id":"CVE-2023-2338","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2338"},{"reference_url":"https://github.com/advisories/GHSA-4x35-vr82-xvj6","reference_id":"GHSA-4x35-vr82-xvj6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4x35-vr82-xvj6"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6","reference_id":"GHSA-4x35-vr82-xvj6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2338","GHSA-4x35-vr82-xvj6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9sz-xvw9-4fbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52020?format=json","vulnerability_id":"VCID-ejnh-57m7-ffab","summary":"pimcore/pimcore is vulnerable to SQL Injection. An attacker with limited privileges (classes permission) can achieve a SQL injection that can lead in data leakage. The vulnerability can be exploited via `id`, `storeId`, `pageSize` and `tables` parameters, using a payload for trigger a time based or error based sql injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10763","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00726","published_at":"2026-06-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00723","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10763"},{"reference_url":"https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.certimetergroup.com/it/articolo/security/sql_injection_in_pimcore_6.2.3"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-480391"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10763","reference_id":"CVE-2019-10763","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10763"},{"reference_url":"https://github.com/advisories/GHSA-fpff-384j-vxq7","reference_id":"GHSA-fpff-384j-vxq7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpff-384j-vxq7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76126?format=json","purl":"pkg:composer/pimcore/pimcore@6.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.3.0"}],"aliases":["CVE-2019-10763","GHSA-fpff-384j-vxq7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejnh-57m7-ffab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42666?format=json","vulnerability_id":"VCID-erpf-xa8n-afcf","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0894","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01643","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0894"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11447"},{"reference_url":"https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/18f8e85e-3cbf-4915-b649-8cffe99daa95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0894","reference_id":"CVE-2022-0894","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0894"},{"reference_url":"https://github.com/advisories/GHSA-22hc-47cc-7x6f","reference_id":"GHSA-22hc-47cc-7x6f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22hc-47cc-7x6f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-0894","GHSA-22hc-47cc-7x6f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-erpf-xa8n-afcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42912?format=json","vulnerability_id":"VCID-f1st-tu3e-5qem","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1339","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15746","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1339"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c"},{"reference_url":"https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1339","reference_id":"CVE-2022-1339","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1339"},{"reference_url":"https://github.com/advisories/GHSA-mj2c-5mjv-gmmj","reference_id":"GHSA-mj2c-5mjv-gmmj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj2c-5mjv-gmmj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61297?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.5"}],"aliases":["CVE-2022-1339","GHSA-mj2c-5mjv-gmmj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1st-tu3e-5qem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44549?format=json","vulnerability_id":"VCID-fjvx-uvar-6fcq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1115","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02831","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02843","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1115"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/"}],"url":"https://github.com/pimcore/pimcore/commit/c6368b7cc69a3ebf2c83de7586f492ca1f404dd3"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14500.patch","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14500.patch"},{"reference_url":"https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-11T14:15:26Z/"}],"url":"https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1115","reference_id":"CVE-2023-1115","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1115"},{"reference_url":"https://github.com/advisories/GHSA-97cp-8873-v2gf","reference_id":"GHSA-97cp-8873-v2gf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-97cp-8873-v2gf"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf","reference_id":"GHSA-97cp-8873-v2gf","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-97cp-8873-v2gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64071?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1115","GHSA-97cp-8873-v2gf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjvx-uvar-6fcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45079?format=json","vulnerability_id":"VCID-fk9y-7e4h-3uey","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2340","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0068","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2340"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/"}],"url":"https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e"},{"reference_url":"https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:32:45Z/"}],"url":"https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2340","reference_id":"CVE-2023-2340","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2340"},{"reference_url":"https://github.com/advisories/GHSA-g93x-fm2w-5pxw","reference_id":"GHSA-g93x-fm2w-5pxw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g93x-fm2w-5pxw"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw","reference_id":"GHSA-g93x-fm2w-5pxw","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2340","GHSA-g93x-fm2w-5pxw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fk9y-7e4h-3uey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108940?format=json","vulnerability_id":"VCID-fkd6-pyag-kyc6","summary":"RCE vulnerability in Pimcore/Mail & Dynamic Text Layout\n### Impact\nThe user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\\Layout\\Text` is vulnerable to server-side template Injection RCE.\n\n### Patches\nUpdate to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/pull/13347.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/13347.patch manually.\n\n### References\nCredits: @nth347 from Viettel Cyber Security","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39365","reference_id":"","reference_type":"","scores":[{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00205","scoring_system":"epss","scoring_elements":"0.42592","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39365"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/43aa34e018f5cd447bceb864358285ba92f68372"},{"reference_url":"https://github.com/pimcore/pimcore/pull/13347","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/13347"},{"reference_url":"https://github.com/pimcore/pimcore/pull/13347.patch","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/13347.patch"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-5qxq-vgmm-q39m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39365"},{"reference_url":"https://github.com/advisories/GHSA-5qxq-vgmm-q39m","reference_id":"GHSA-5qxq-vgmm-q39m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5qxq-vgmm-q39m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145116?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.9"}],"aliases":["CVE-2022-39365","GHSA-5qxq-vgmm-q39m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkd6-pyag-kyc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45078?format=json","vulnerability_id":"VCID-fzt2-896e-wudc","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the \"scriptPath\" parameter and the file name in the \"scripts\" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30852","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0114","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30852"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/"}],"url":"https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14959","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14959"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30852","reference_id":"CVE-2023-30852","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30852"},{"reference_url":"https://github.com/advisories/GHSA-j5c3-r84f-9596","reference_id":"GHSA-j5c3-r84f-9596","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j5c3-r84f-9596"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596","reference_id":"GHSA-j5c3-r84f-9596","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T19:34:59Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-30852","GHSA-j5c3-r84f-9596"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzt2-896e-wudc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45218?format=json","vulnerability_id":"VCID-g2xz-1vbj-qufd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2730","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01577","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2730"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/"}],"url":"https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"},{"reference_url":"https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T21:17:55Z/"}],"url":"https://huntr.dev/bounties/6c6f5c26-d545-4e7b-82bb-1fe28006c885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2730","reference_id":"CVE-2023-2730","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2730"},{"reference_url":"https://github.com/advisories/GHSA-q3p4-v2cm-q945","reference_id":"GHSA-q3p4-v2cm-q945","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q3p4-v2cm-q945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60884?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3"}],"aliases":["CVE-2023-2730","GHSA-q3p4-v2cm-q945"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2xz-1vbj-qufd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45154?format=json","vulnerability_id":"VCID-g8h5-e165-1bay","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2616","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01359","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2616"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/"}],"url":"https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091"},{"reference_url":"https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:40:53Z/"}],"url":"https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2616","reference_id":"CVE-2023-2616","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2616"},{"reference_url":"https://github.com/advisories/GHSA-mhpj-7m7h-8p6x","reference_id":"GHSA-mhpj-7m7h-8p6x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mhpj-7m7h-8p6x"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x","reference_id":"GHSA-mhpj-7m7h-8p6x","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2616","GHSA-mhpj-7m7h-8p6x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8h5-e165-1bay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45080?format=json","vulnerability_id":"VCID-g8ha-yccg-p3f8","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30848","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01543","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30848"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3"},{"reference_url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14972","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14972"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30848","reference_id":"CVE-2023-30848","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30848"},{"reference_url":"https://github.com/advisories/GHSA-6mhm-gcpf-5gr8","reference_id":"GHSA-6mhm-gcpf-5gr8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6mhm-gcpf-5gr8"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8","reference_id":"GHSA-6mhm-gcpf-5gr8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-30848","GHSA-6mhm-gcpf-5gr8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ha-yccg-p3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110567?format=json","vulnerability_id":"VCID-gt5w-6b92-1qfz","summary":"Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore\n### Impact\nPimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. \nThe actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and  so relies on the auto-quoting being done by the listing classes. \n\n##### Example: \n```php\n// request url: https://example.com/foo?groupBy=o_id`; SELECT SLEEP(20);--\n\n$list = new DataObject\\Car\\Listing();\n$list->setOrderKey($request->get('orderBy'));\n$list->setGroupBy($request->get('groupBy'));\n$list->load();\n```\n\n### Patches\nUpgrade to >= 10.4.4 or apply the following patch manually: \nhttps://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch\n\n### Workarounds\nApply this patch manually: \nhttps://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549.patch\n\n### References\nhttps://github.com/pimcore/pimcore/pull/12444","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31092","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07855","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07822","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31092"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/"}],"url":"https://github.com/pimcore/pimcore/commit/21559c6bf0e4e828d33ff7af6e88caecb5ac6549"},{"reference_url":"https://github.com/pimcore/pimcore/pull/12444","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/"}],"url":"https://github.com/pimcore/pimcore/pull/12444"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-gvmf-wcx6-p974","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:02Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-gvmf-wcx6-p974"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31092","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31092"},{"reference_url":"https://github.com/advisories/GHSA-gvmf-wcx6-p974","reference_id":"GHSA-gvmf-wcx6-p974","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvmf-wcx6-p974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149278?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.4"}],"aliases":["CVE-2022-31092","GHSA-gvmf-wcx6-p974","GMS-2022-2534"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gt5w-6b92-1qfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50345?format=json","vulnerability_id":"VCID-hmpr-1fgb-jqea","summary":"Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause\nThe filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries.\n\nAffected code in models/Dependency/Dao.php:\n- getFilterRequiresByPath() lines 90, 95, 100\n- getFilterRequiredByPath() lines 148, 153, 158\n\nAll 6 locations use direct string concatenation like:\n\n\"AND LOWER(CONCAT(o.path, o.key)) RLIKE '\".$value.\"'\"\n\nNote that $orderBy and $orderDirection in the same methods (lines 75-81) ARE properly `whitelist`-validated, but $value has zero sanitization.\n\nEntry points (pimcore/admin-ui-classic-bundle ElementController.php):\n- GET /admin/element/get-requires-dependencies (line 654)\n- GET /admin/element/get-required-by-dependencies (line 714)\n\nThe controller JSON-decodes the filter query param and passes $filter['value'] straight to the Dao without any escaping.\n\nPoC (time-based blind):","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27461","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02434","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27461"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/"}],"url":"https://github.com/pimcore/pimcore/commit/1c3925fbec4895abeb21e5c244a83679c4e4a6f4"},{"reference_url":"https://github.com/pimcore/pimcore/pull/18991","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/"}],"url":"https://github.com/pimcore/pimcore/pull/18991"},{"reference_url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/"}],"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27461","reference_id":"CVE-2026-27461","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27461"},{"reference_url":"https://github.com/advisories/GHSA-vxg3-v4p6-f3fp","reference_id":"GHSA-vxg3-v4p6-f3fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxg3-v4p6-f3fp"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp","reference_id":"GHSA-vxg3-v4p6-f3fp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:56:21Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-vxg3-v4p6-f3fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73398?format=json","purl":"pkg:composer/pimcore/pimcore@12.0.0-RC1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.0.0-RC1"},{"url":"http://public2.vulnerablecode.io/api/packages/74234?format=json","purl":"pkg:composer/pimcore/pimcore@12.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hrxz-az84-2ua8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.3"}],"aliases":["CVE-2026-27461","GHSA-vxg3-v4p6-f3fp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmpr-1fgb-jqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42571?format=json","vulnerability_id":"VCID-hz2p-k88z-nbdb","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0832","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0832"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/8ab06bfbb5a05a1b190731d9c7476ec45f5ee878"},{"reference_url":"https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/be450b60-bc8f-4585-96a5-3c4069f1186a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0832","reference_id":"CVE-2022-0832","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0832"},{"reference_url":"https://github.com/advisories/GHSA-6qcc-whgp-pjj2","reference_id":"GHSA-6qcc-whgp-pjj2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qcc-whgp-pjj2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60884?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3"}],"aliases":["CVE-2022-0832","GHSA-6qcc-whgp-pjj2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hz2p-k88z-nbdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45069?format=json","vulnerability_id":"VCID-j8d3-zaj3-xuax","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2327","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04597","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2327"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/"}],"url":"https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f"},{"reference_url":"https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:33:19Z/"}],"url":"https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2327","reference_id":"CVE-2023-2327","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2327"},{"reference_url":"https://github.com/advisories/GHSA-x9xj-pqmv-8jf7","reference_id":"GHSA-x9xj-pqmv-8jf7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x9xj-pqmv-8jf7"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7","reference_id":"GHSA-x9xj-pqmv-8jf7","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2327","GHSA-x9xj-pqmv-8jf7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8d3-zaj3-xuax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45094?format=json","vulnerability_id":"VCID-jmdu-dpju-abee","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2361","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01577","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2361"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/"}],"url":"https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a"},{"reference_url":"https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T20:47:38Z/"}],"url":"https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2361","reference_id":"CVE-2023-2361","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2361"},{"reference_url":"https://github.com/advisories/GHSA-9xg6-75mh-7x3f","reference_id":"GHSA-9xg6-75mh-7x3f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9xg6-75mh-7x3f"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f","reference_id":"GHSA-9xg6-75mh-7x3f","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2361","GHSA-9xg6-75mh-7x3f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdu-dpju-abee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109933?format=json","vulnerability_id":"VCID-jv87-2e53-13as","summary":"Pimcore Cross-site Scripting (XSS)\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2796","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41764","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4184","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2796"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/2fd46859c1def6b5ab79ae2b9cb88c309769443d"},{"reference_url":"https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/69d56ec3-8370-44cf-9732-4065e3076097"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2796","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2796"},{"reference_url":"https://github.com/advisories/GHSA-pr4f-4pcx-2r3h","reference_id":"GHSA-pr4f-4pcx-2r3h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pr4f-4pcx-2r3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148039?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.4"}],"aliases":["CVE-2022-2796","GHSA-pr4f-4pcx-2r3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv87-2e53-13as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44690?format=json","vulnerability_id":"VCID-kb9x-es6p-73eh","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1515","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03894","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0391","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1515"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/"}],"url":"https://github.com/pimcore/pimcore/commit/44c6b37aa649a0e3105fa41f3d74a3e511acf964"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14562","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14562"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14562.patch","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14562.patch"},{"reference_url":"https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:23:15Z/"}],"url":"https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282"},{"reference_url":"https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1515","reference_id":"CVE-2023-1515","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1515"},{"reference_url":"https://github.com/advisories/GHSA-66cm-c7ch-5j8q","reference_id":"GHSA-66cm-c7ch-5j8q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66cm-c7ch-5j8q"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q","reference_id":"GHSA-66cm-c7ch-5j8q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-66cm-c7ch-5j8q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-1515","GHSA-66cm-c7ch-5j8q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kb9x-es6p-73eh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40868?format=json","vulnerability_id":"VCID-ksg7-98kn-9uc8","summary":"Deserialization of Untrusted Data\nAn attacker with classes permission can send a POST request to `/admin/class/bulk-commit`, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php`.","references":[{"reference_url":"http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152667/Pimcore-Unserialize-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10867","reference_id":"","reference_type":"","scores":[{"value":"0.52728","scoring_system":"epss","scoring_elements":"0.97995","published_at":"2026-06-04T12:55:00Z"},{"value":"0.52728","scoring_system":"epss","scoring_elements":"0.97998","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10867"},{"reference_url":"https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.certimetergroup.com/it/articolo/security/polyglot_phar_deserialization_to_rce"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/38a29e2f4f5f060a73974626952501cee05fda73"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-173998"},{"reference_url":"https://www.exploit-db.com/exploits/46783","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46783"},{"reference_url":"https://www.exploit-db.com/exploits/46783/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46783/"},{"reference_url":"http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.rapid7.com/db/modules/exploit/multi/http/pimcore_unserialize_rce"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb","reference_id":"CVE-2019-10867","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46783.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10867","reference_id":"CVE-2019-10867","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10867"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb","reference_id":"CVE-2019-10867","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/pimcore_unserialize_rce.rb"},{"reference_url":"https://github.com/advisories/GHSA-7hqr-j26m-gmwp","reference_id":"GHSA-7hqr-j26m-gmwp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hqr-j26m-gmwp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57727?format=json","purl":"pkg:composer/pimcore/pimcore@5.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-utnk-dp6a-w3gf"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yq5e-ruk6-9ud2"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-yxfb-p2aw-t3ga"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1"}],"aliases":["CVE-2019-10867","GHSA-7hqr-j26m-gmwp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksg7-98kn-9uc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44635?format=json","vulnerability_id":"VCID-kw4t-2xte-b3du","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1286","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01415","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01424","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1286"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/"}],"url":"https://github.com/pimcore/pimcore/commit/82cca7f4a7560b160336cce2610481098ca52c18"},{"reference_url":"https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:33:06Z/"}],"url":"https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1286","reference_id":"CVE-2023-1286","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1286"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1286","GHSA-8jv7-vwrc-mv4g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw4t-2xte-b3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46314?format=json","vulnerability_id":"VCID-m5ct-vypc-kbgv","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5873","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0015","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5873"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/"}],"url":"https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c"},{"reference_url":"https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:14Z/"}],"url":"https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5873","reference_id":"CVE-2023-5873","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5873"},{"reference_url":"https://github.com/advisories/GHSA-j59v-hh4p-q92m","reference_id":"GHSA-j59v-hh4p-q92m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j59v-hh4p-q92m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67587?format=json","purl":"pkg:composer/pimcore/pimcore@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-u5a1-c9ar-3kg6"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.0"}],"aliases":["CVE-2023-5873","GHSA-j59v-hh4p-q92m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ct-vypc-kbgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44556?format=json","vulnerability_id":"VCID-muk7-qswq-j3cy","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1117","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00779","published_at":"2026-06-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1117"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/"}],"url":"https://github.com/pimcore/pimcore/commit/b9ba69f66d6a9986fb36f239661b98cd33a89853"},{"reference_url":"https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:19Z/"}],"url":"https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1117","reference_id":"CVE-2023-1117","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1117"},{"reference_url":"https://github.com/advisories/GHSA-qxcw-rf4v-hp26","reference_id":"GHSA-qxcw-rf4v-hp26","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qxcw-rf4v-hp26"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26","reference_id":"GHSA-qxcw-rf4v-hp26","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-qxcw-rf4v-hp26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64071?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1117","GHSA-qxcw-rf4v-hp26"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-muk7-qswq-j3cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42578?format=json","vulnerability_id":"VCID-mvg7-d7ef-37fj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0831","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0831"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf"},{"reference_url":"https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/4152e3a7-27a1-49eb-a6eb-a57506af104f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0831","reference_id":"CVE-2022-0831","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0831"},{"reference_url":"https://github.com/advisories/GHSA-q67f-3jq4-mww2","reference_id":"GHSA-q67f-3jq4-mww2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q67f-3jq4-mww2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60884?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.3"}],"aliases":["CVE-2022-0831","GHSA-q67f-3jq4-mww2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvg7-d7ef-37fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44682?format=json","vulnerability_id":"VCID-n6ne-ucpz-u3bb","summary":"Reflected XSS in Application Logger module\n### Impact\nThis vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.\n\n### Patches\nUpdate to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch\n\n### Workarounds\nApply https://github.com/pimcore/pimcore/pull/14606.patch manually.\n\n### References\nhttps://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/","references":[{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14606","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14606"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14606.patch","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14606.patch"},{"reference_url":"https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356"},{"reference_url":"https://github.com/advisories/GHSA-2xpm-cmvw-3jcc","reference_id":"GHSA-2xpm-cmvw-3jcc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2xpm-cmvw-3jcc"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc","reference_id":"GHSA-2xpm-cmvw-3jcc","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["GHSA-2xpm-cmvw-3jcc","GMS-2023-779"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6ne-ucpz-u3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42716?format=json","vulnerability_id":"VCID-n6nv-8sfz-mbce","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0704","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10504","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10546","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0704"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11447"},{"reference_url":"https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/4142a8b4-b439-4328-aaa3-52f6fedfd0a6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0704","reference_id":"CVE-2022-0704","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0704"},{"reference_url":"https://github.com/advisories/GHSA-pc32-x737-74cv","reference_id":"GHSA-pc32-x737-74cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pc32-x737-74cv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-0704","GHSA-pc32-x737-74cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6nv-8sfz-mbce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41852?format=json","vulnerability_id":"VCID-nkvu-1mye-dfbm","summary":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4081","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02602","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02613","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4081"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/34ed0e050ff679b4b38414aef48ea1ff956f907a"},{"reference_url":"https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/da173e66-76ba-4f98-b8fb-429aabf222d3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4081","reference_id":"CVE-2021-4081","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4081"},{"reference_url":"https://github.com/advisories/GHSA-3p85-p4qg-hcrp","reference_id":"GHSA-3p85-p4qg-hcrp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p85-p4qg-hcrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59768?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6"}],"aliases":["CVE-2021-4081","GHSA-3p85-p4qg-hcrp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkvu-1mye-dfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45705?format=json","vulnerability_id":"VCID-nnem-28fp-xugy","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3822","reference_id":"","reference_type":"","scores":[{"value":"0.1097","scoring_system":"epss","scoring_elements":"0.93568","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3822"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/"}],"url":"https://github.com/pimcore/pimcore/commit/d75888a9b14baaad591548463cca09dfd1395236"},{"reference_url":"https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:11:54Z/"}],"url":"https://huntr.dev/bounties/2a3a13fe-2a9a-4d1a-8814-fd8ed1e3b1d5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3822","reference_id":"CVE-2023-3822","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3822"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66223?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4"}],"aliases":["CVE-2023-3822","GHSA-vmpv-qjhq-r463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnem-28fp-xugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41327?format=json","vulnerability_id":"VCID-p33r-uxhp-q3eu","summary":"Improper Neutralization of Formula Elements in a CSV File\nPimcore is an open source data & experience management platform., Data Object CSV import allows formular injection. The problem is patched Aside from upgrading, one may apply the patch manually as a workaround.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37702","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11055","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37702"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/9992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/9992"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37702","reference_id":"CVE-2021-37702","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58720?format=json","purl":"pkg:composer/pimcore/pimcore@10.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.1"}],"aliases":["CVE-2021-37702","GHSA-pp2h-95hm-hv9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p33r-uxhp-q3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45081?format=json","vulnerability_id":"VCID-p3g5-vbhk-h3h7","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2322","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01668","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2322"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/"}],"url":"https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773"},{"reference_url":"https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/"}],"url":"https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2322","reference_id":"CVE-2023-2322","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2322"},{"reference_url":"https://github.com/advisories/GHSA-476g-v7hf-cw5m","reference_id":"GHSA-476g-v7hf-cw5m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-476g-v7hf-cw5m"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m","reference_id":"GHSA-476g-v7hf-cw5m","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2322","GHSA-476g-v7hf-cw5m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g5-vbhk-h3h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42921?format=json","vulnerability_id":"VCID-p3kp-be4v-nqca","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nStored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1351","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.074","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07433","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1351"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac"},{"reference_url":"https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1351","reference_id":"CVE-2022-1351","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1351"},{"reference_url":"https://github.com/advisories/GHSA-xcr3-4qvr-54rh","reference_id":"GHSA-xcr3-4qvr-54rh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xcr3-4qvr-54rh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-1351","GHSA-xcr3-4qvr-54rh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3kp-be4v-nqca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41400?format=json","vulnerability_id":"VCID-ppb6-perx-z7g3","summary":"Cross-site Scripting\nText-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39166","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05359","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05337","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39166"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10170","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10170"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-w6j8-jc36-x5q9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39166","reference_id":"CVE-2021-39166","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39166"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58858?format=json","purl":"pkg:composer/pimcore/pimcore@10.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2"}],"aliases":["CVE-2021-39166","GHSA-w6j8-jc36-x5q9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppb6-perx-z7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44554?format=json","vulnerability_id":"VCID-ppum-bu2e-b3hr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1116","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00683","published_at":"2026-06-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0068","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1116"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/"}],"url":"https://github.com/pimcore/pimcore/commit/f6d322efa207a737eedd8726b7c92e957a83341e"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14467.patch","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14467.patch"},{"reference_url":"https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T18:32:54Z/"}],"url":"https://huntr.dev/bounties/3245ff99-9adf-4db9-af94-f995747e09d1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1116","reference_id":"CVE-2023-1116","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1116"},{"reference_url":"https://github.com/advisories/GHSA-96hp-38wx-j3wc","reference_id":"GHSA-96hp-38wx-j3wc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-96hp-38wx-j3wc"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc","reference_id":"GHSA-96hp-38wx-j3wc","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-96hp-38wx-j3wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64071?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1116","GHSA-96hp-38wx-j3wc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppum-bu2e-b3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41198?format=json","vulnerability_id":"VCID-pygu-76pc-r7as","summary":"A SQL Injection flaw was found in the package pimcore/pimcore. This issue exists due to the absence of check on the `storeId` parameter in the method `collectionsActionGet` and `groupsActionGet` method within the `ClassificationstoreController` class.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23405","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08183","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08217","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23405"},{"reference_url":"https://github.com/pimcore/pimcore/pull/9572","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/9572"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-1316297"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23405","reference_id":"CVE-2021-23405","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23405"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58358?format=json","purl":"pkg:composer/pimcore/pimcore@10.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.0.7"}],"aliases":["CVE-2021-23405","GHSA-g8jx-66p8-vcm2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pygu-76pc-r7as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45151?format=json","vulnerability_id":"VCID-q4w5-13sd-xfdr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2614","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01359","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2614"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/"}],"url":"https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7"},{"reference_url":"https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:42:03Z/"}],"url":"https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2614","reference_id":"CVE-2023-2614","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2614"},{"reference_url":"https://github.com/advisories/GHSA-m6m9-gr85-79vm","reference_id":"GHSA-m6m9-gr85-79vm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m6m9-gr85-79vm"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm","reference_id":"GHSA-m6m9-gr85-79vm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2614","GHSA-m6m9-gr85-79vm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4w5-13sd-xfdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42195?format=json","vulnerability_id":"VCID-qh25-w41n-eubf","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA stored Cross-site Scripting (XSS) vulnerability was found in pimcore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0251","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02767","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02779","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0251"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/3ae96b9d41c117aafa45873ad10077d4b873a3cb"},{"reference_url":"https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/eb4b08f9-cf8b-4335-b3b8-ed44e5fa80a5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0251","reference_id":"CVE-2022-0251","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0251"},{"reference_url":"https://github.com/advisories/GHSA-f7q6-xxph-mfm8","reference_id":"GHSA-f7q6-xxph-mfm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7q6-xxph-mfm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60292?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/146416?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.10"}],"aliases":["CVE-2022-0251","GHSA-f7q6-xxph-mfm8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh25-w41n-eubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41410?format=json","vulnerability_id":"VCID-rnht-mqx9-sucr","summary":"Cross-site Scripting\nPimcore is an open source data & experience management platform. An authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore As a workaround, users may apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39170","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07955","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07988","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39170"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10178","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10178"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10178.patch","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10178.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10206","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10206"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f"},{"reference_url":"https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/c3e4cf79-a4b5-4982-af27-729f66281501"},{"reference_url":"https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39170","reference_id":"CVE-2021-39170","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39170"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58858?format=json","purl":"pkg:composer/pimcore/pimcore@10.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.2"}],"aliases":["CVE-2021-39170","GHSA-2v88-qq7x-xq5f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnht-mqx9-sucr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109160?format=json","vulnerability_id":"VCID-s6f2-dbzx-kugz","summary":"Pimcore vulnerable to cross site scripting\nIf an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify any information that the user is able to modify; and/or initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. A patch for this issue is available at commit 1e916e7d668c9e47b217e20cc0ea4812f466201b and anticipated to be part of version 10.5.7.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3255","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01463","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3255"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/"}],"url":"https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b"},{"reference_url":"https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-28T15:21:24Z/"}],"url":"https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3255","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3255"},{"reference_url":"https://github.com/advisories/GHSA-wqr6-57qm-hhr5","reference_id":"GHSA-wqr6-57qm-hhr5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqr6-57qm-hhr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145914?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.7"}],"aliases":["CVE-2022-3255","GHSA-wqr6-57qm-hhr5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f2-dbzx-kugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44675?format=json","vulnerability_id":"VCID-s6xd-j7a8-u3c8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28106","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21664","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28106"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/"}],"url":"https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14669.patch","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14669.patch"},{"reference_url":"https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/"}],"url":"https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28106","reference_id":"CVE-2023-28106","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28106"},{"reference_url":"https://github.com/advisories/GHSA-x5j3-mq9g-8jc8","reference_id":"GHSA-x5j3-mq9g-8jc8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x5j3-mq9g-8jc8"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8","reference_id":"GHSA-x5j3-mq9g-8jc8","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:29:14Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-28106","GHSA-x5j3-mq9g-8jc8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6xd-j7a8-u3c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42707?format=json","vulnerability_id":"VCID-sdww-bp7g-9ygj","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0705","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0114","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01151","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0705"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11447"},{"reference_url":"https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/0e1b6836-e5b5-4e47-b9ab-2f6a4790ee7b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0705","reference_id":"CVE-2022-0705","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0705"},{"reference_url":"https://github.com/advisories/GHSA-xmq3-hgjx-6997","reference_id":"GHSA-xmq3-hgjx-6997","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmq3-hgjx-6997"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-0705","GHSA-xmq3-hgjx-6997"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdww-bp7g-9ygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41844?format=json","vulnerability_id":"VCID-shds-jhqq-ufd1","summary":"pimcore is vulnerable to Cross-Site Request Forgery (CSRF)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4082","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00479","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4082"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/3088cec7dc3cbc5a8b26f1269e398e799ee7ee28"},{"reference_url":"https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4082","reference_id":"CVE-2021-4082","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4082"},{"reference_url":"https://github.com/advisories/GHSA-2v2v-fx7r-f2fh","reference_id":"GHSA-2v2v-fx7r-f2fh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v2v-fx7r-f2fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59768?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6"}],"aliases":["CVE-2021-4082","GHSA-2v2v-fx7r-f2fh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shds-jhqq-ufd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41468?format=json","vulnerability_id":"VCID-svwv-zn1s-xbdn","summary":"Information Exposure Through Discrepancy\nPimcore is an open source data & experience management platform. A flaw was found identifying it is possible to enumerate usernames via the forgot password functionality.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39189","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05764","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0574","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39189"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10223/commits/d0a4de39cf05dce6af71f8ca039132bdfcbb0dce"},{"reference_url":"https://github.com/pimcore/pimcore/pull/10223.patch","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/10223.patch"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-579x-cjvr-cqj9"},{"reference_url":"https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39189","reference_id":"CVE-2021-39189","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39189"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58993?format=json","purl":"pkg:composer/pimcore/pimcore@10.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.1.3"}],"aliases":["CVE-2021-39189","GHSA-579x-cjvr-cqj9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svwv-zn1s-xbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45302?format=json","vulnerability_id":"VCID-tcpz-9zjx-q3c7","summary":"Path Traversal: '\\..\\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2984","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08279","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2984"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/"}],"url":"https://github.com/pimcore/pimcore/commit/e8dbc4da58ae86618bceb67ed35ce23e5e54d2ed"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-46g3-f9r8-xj4v"},{"reference_url":"https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-13T19:58:45Z/"}],"url":"https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2984","reference_id":"CVE-2023-2984","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2984"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65283?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.22"}],"aliases":["CVE-2023-2984","GHSA-46g3-f9r8-xj4v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcpz-9zjx-q3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44790?format=json","vulnerability_id":"VCID-tn1v-4yx7-8uat","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1701","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03905","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03889","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1701"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/"}],"url":"https://github.com/pimcore/pimcore/commit/2b997737dd6a60be2239a51dd6d9ef5881568e6d"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14721.patch","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14721.patch"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-7r35-chv4-xr3r"},{"reference_url":"https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:52:49Z/"}],"url":"https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1701","reference_id":"CVE-2023-1701","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1701"},{"reference_url":"https://github.com/advisories/GHSA-6mmf-qm37-pmgg","reference_id":"GHSA-6mmf-qm37-pmgg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6mmf-qm37-pmgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64449?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1701","GHSA-6mmf-qm37-pmgg","GHSA-7r35-chv4-xr3r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn1v-4yx7-8uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45064?format=json","vulnerability_id":"VCID-tx4m-dken-57hp","summary":"Cross-site Scripting (XSS) in Conditions tab of Pricing Rules\nThis vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2332","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00101","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2332"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/"}],"url":"https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe"},{"reference_url":"https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T21:00:05Z/"}],"url":"https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2332","reference_id":"CVE-2023-2332","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2332"},{"reference_url":"https://github.com/advisories/GHSA-r7mm-jx6h-hv7m","reference_id":"GHSA-r7mm-jx6h-hv7m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r7mm-jx6h-hv7m"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m","reference_id":"GHSA-r7mm-jx6h-hv7m","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2332","GHSA-r7mm-jx6h-hv7m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx4m-dken-57hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45702?format=json","vulnerability_id":"VCID-u66z-9utb-7uf2","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3820","reference_id":"","reference_type":"","scores":[{"value":"0.41187","scoring_system":"epss","scoring_elements":"0.97474","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3820"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/"}],"url":"https://github.com/pimcore/pimcore/commit/e641968979d4a2377bbea5e2a76bdede040d0b97"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-c9hw-557q-f8hq"},{"reference_url":"https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T13:29:49Z/"}],"url":"https://huntr.dev/bounties/b00a38b6-d040-494d-bf46-38f46ac1a1db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3820","reference_id":"CVE-2023-3820","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3820"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66223?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4"}],"aliases":["CVE-2023-3820","GHSA-c9hw-557q-f8hq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u66z-9utb-7uf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45700?format=json","vulnerability_id":"VCID-u889-d2cm-2kfk","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3821","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3821"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/"}],"url":"https://github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c"},{"reference_url":"https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:28:26Z/"}],"url":"https://huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3821","reference_id":"CVE-2023-3821","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3821"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66223?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4"}],"aliases":["CVE-2023-3821","GHSA-78q2-cv3p-x9fm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u889-d2cm-2kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53848?format=json","vulnerability_id":"VCID-umwk-nrvg-6bg5","summary":"Improper Preservation of Permissions\nPimcore is an open source digital experience platform. In Pimcore it is possible to modify & create website settings without having the appropriate permissions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26246","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10465","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10508","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26246"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26246","reference_id":"CVE-2020-26246","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79272?format=json","purl":"pkg:composer/pimcore/pimcore@6.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.8.5"}],"aliases":["CVE-2020-26246","GHSA-7p8p-4253-3mg6"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umwk-nrvg-6bg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45703?format=json","vulnerability_id":"VCID-upfw-kpy5-3qd8","summary":"Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3819","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00059","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3819"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/"}],"url":"https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-r87r-982q-2c3q"},{"reference_url":"https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T13:38:48Z/"}],"url":"https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-00533135817c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3819","reference_id":"CVE-2023-3819","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3819"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66223?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.4"}],"aliases":["CVE-2023-3819","GHSA-r87r-982q-2c3q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upfw-kpy5-3qd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44788?format=json","vulnerability_id":"VCID-upjh-4jdt-xbgd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1703","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0088","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00891","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1703"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/"}],"url":"https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-4f25-2x2c-vg6v"},{"reference_url":"https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T19:31:27Z/"}],"url":"https://huntr.dev/bounties/d12d105c-18fa-4d08-b591-b0e89e39eec1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1703","reference_id":"CVE-2023-1703","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1703"},{"reference_url":"https://github.com/advisories/GHSA-3r5c-h7g6-cqw7","reference_id":"GHSA-3r5c-h7g6-cqw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3r5c-h7g6-cqw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64449?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1703","GHSA-3r5c-h7g6-cqw7","GHSA-4f25-2x2c-vg6v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upjh-4jdt-xbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52014?format=json","vulnerability_id":"VCID-utnk-dp6a-w3gf","summary":"Improper Restriction of Excessive Authentication Attempts\nPimcore lacks brute force protection for the 2FA token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18985","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00664","published_at":"2026-06-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00661","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18985"},{"reference_url":"https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/9f2d075243a8392c114d9a8028858b9faf041e2d"},{"reference_url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18985","reference_id":"CVE-2019-18985","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18985"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76193?format=json","purl":"pkg:composer/pimcore/pimcore@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-qrue-na7k-jkf6"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2"}],"aliases":["CVE-2019-18985","GHSA-hf62-5vxh-jpwj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utnk-dp6a-w3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46395?format=json","vulnerability_id":"VCID-vqdy-2yzt-7qdf","summary":"Cross-Site Request Forgery (CSRF)\nPimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47637","reference_id":"","reference_type":"","scores":[{"value":"0.7572","scoring_system":"epss","scoring_elements":"0.98924","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47637"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/blob/bba7c7419cb1f06d5fd98781eab4d6995e4e5dca/src/Helper/GridHelperService.php#L311"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/blob/42b6cfa77c4540205bdd10689893ccb73e4bac8f/models/DataObject/ClassDefinition/Data/Multiselect.php#L285-L312"},{"reference_url":"https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/"}],"url":"https://github.com/pimcore/pimcore/commit/d164d99c90f098d0ccd6b72929c48b727e2953a0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47637","reference_id":"CVE-2023-47637","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47637"},{"reference_url":"https://github.com/advisories/GHSA-72hh-xf79-429p","reference_id":"GHSA-72hh-xf79-429p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-72hh-xf79-429p"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p","reference_id":"GHSA-72hh-xf79-429p","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-29T17:40:14Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-72hh-xf79-429p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67743?format=json","purl":"pkg:composer/pimcore/pimcore@11.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-cn4e-nsm4-e3fv"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-u5a1-c9ar-3kg6"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.1.1"}],"aliases":["CVE-2023-47637","GHSA-72hh-xf79-429p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vqdy-2yzt-7qdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44705?format=json","vulnerability_id":"VCID-vra6-hemr-kuf1","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28438","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08002","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28438"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/"}],"url":"https://github.com/pimcore/pimcore/commit/d1abadb181c88ebaa4bce1916f9077469d4ea2bc.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14526","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14526"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28438","reference_id":"CVE-2023-28438","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28438"},{"reference_url":"https://github.com/advisories/GHSA-vf7q-g2pv-jxvx","reference_id":"GHSA-vf7q-g2pv-jxvx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vf7q-g2pv-jxvx"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx","reference_id":"GHSA-vf7q-g2pv-jxvx","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:17Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-vf7q-g2pv-jxvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-28438","GHSA-vf7q-g2pv-jxvx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vra6-hemr-kuf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44693?format=json","vulnerability_id":"VCID-vser-cuam-k7hs","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1517","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0347","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03478","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1517"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/"}],"url":"https://github.com/pimcore/pimcore/commit/3a22700dacd8a439cffcb208838a4199e732cff7"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14631","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14631"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14631.patch","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/14631.patch"},{"reference_url":"https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T19:22:48Z/"}],"url":"https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d"},{"reference_url":"https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1517","reference_id":"CVE-2023-1517","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1517"},{"reference_url":"https://github.com/advisories/GHSA-42x8-2v53-pqmj","reference_id":"GHSA-42x8-2v53-pqmj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-42x8-2v53-pqmj"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj","reference_id":"GHSA-42x8-2v53-pqmj","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-42x8-2v53-pqmj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-1517","GHSA-42x8-2v53-pqmj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vser-cuam-k7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51811?format=json","vulnerability_id":"VCID-vz1n-rh5e-kfgj","summary":"Unrestricted Upload of File with Dangerous Type\nIn Pimcore, an attacker with limited privileges can bypass file-extension restrictions via a filename, as demonstrated by the failure of automatic renaming of `.php` to `.php.txt` for long filenames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16318","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00825","published_at":"2026-06-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00826","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16318"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/732f1647cc6e0a29b5b1f5d904b4d726b5e9455f"},{"reference_url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PHP-PIMCOREPIMCORE-451598"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16318","reference_id":"CVE-2019-16318","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16318"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57727?format=json","purl":"pkg:composer/pimcore/pimcore@5.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-utnk-dp6a-w3gf"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yq5e-ruk6-9ud2"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-yxfb-p2aw-t3ga"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@5.7.1"}],"aliases":["CVE-2019-16318","GHSA-cxj7-4jpj-2q38"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz1n-rh5e-kfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45082?format=json","vulnerability_id":"VCID-w2hy-y2fn-m7gz","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30850","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20255","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30850"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/"}],"url":"https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14952","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14952"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30850","reference_id":"CVE-2023-30850","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30850"},{"reference_url":"https://github.com/advisories/GHSA-jwg4-qcgv-5wg6","reference_id":"GHSA-jwg4-qcgv-5wg6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jwg4-qcgv-5wg6"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6","reference_id":"GHSA-jwg4-qcgv-5wg6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T21:12:49Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-30850","GHSA-jwg4-qcgv-5wg6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2hy-y2fn-m7gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44539?format=json","vulnerability_id":"VCID-w2nk-gqyj-3yay","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1067","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04572","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04597","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1067"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/"}],"url":"https://github.com/pimcore/pimcore/commit/4b5733266d7d6aeb4f221a15e005db83fc198edf"},{"reference_url":"https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T19:54:41Z/"}],"url":"https://huntr.dev/bounties/31d17b34-f80d-49f2-86e7-97ae715cc045"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1067","reference_id":"CVE-2023-1067","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64071?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-1067","GHSA-f2jh-mf2c-8278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2nk-gqyj-3yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42705?format=json","vulnerability_id":"VCID-w3x1-neky-ckeg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0911","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04187","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04203","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0911"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/6e0922c5b2959ac1b48500ac508d8fc5a97286f9"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11447"},{"reference_url":"https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/b242edb1-b036-4dca-9b53-891494dd7a77"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0911","reference_id":"CVE-2022-0911","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0911"},{"reference_url":"https://github.com/advisories/GHSA-j29f-m23h-3p8p","reference_id":"GHSA-j29f-m23h-3p8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j29f-m23h-3p8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/145294?format=json","purl":"pkg:composer/pimcore/pimcore@10.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.4.0"}],"aliases":["CVE-2022-0911","GHSA-j29f-m23h-3p8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3x1-neky-ckeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44678?format=json","vulnerability_id":"VCID-wj8w-76xv-jucd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1429","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04572","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04597","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1429"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/"}],"url":"https://github.com/pimcore/pimcore/commit/7588c336edb24050656111b89d69e69cc9feb5f5"},{"reference_url":"https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:15:52Z/"}],"url":"https://huntr.dev/bounties/e0829fea-e458-47b8-84a3-a74476d9638f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1429","reference_id":"CVE-2023-1429","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1429"},{"reference_url":"https://github.com/advisories/GHSA-3223-w774-99fq","reference_id":"GHSA-3223-w774-99fq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3223-w774-99fq"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq","reference_id":"GHSA-3223-w774-99fq","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-3223-w774-99fq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-1429","GHSA-3223-w774-99fq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wj8w-76xv-jucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45887?format=json","vulnerability_id":"VCID-wneb-ka1d-rfbw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4453","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00116","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4453"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/"}],"url":"https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e"},{"reference_url":"https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-03T14:05:40Z/"}],"url":"https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4453","reference_id":"CVE-2023-4453","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4453"},{"reference_url":"https://github.com/advisories/GHSA-599v-h3q5-g6r9","reference_id":"GHSA-599v-h3q5-g6r9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-599v-h3q5-g6r9"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9","reference_id":"GHSA-599v-h3q5-g6r9","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-599v-h3q5-g6r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66613?format=json","purl":"pkg:composer/pimcore/pimcore@10.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/69875?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0-ALPHA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0-ALPHA1"}],"aliases":["CVE-2023-4453","GHSA-599v-h3q5-g6r9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wneb-ka1d-rfbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42407?format=json","vulnerability_id":"VCID-wqx5-j39q-7yep","summary":"Cross-site Scripting in pimcore\nCross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0565","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16944","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16865","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0565"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/"}],"url":"https://github.com/pimcore/pimcore/commit/7697f709a501860144352696e583a2533a6e1245"},{"reference_url":"https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T19:16:12Z/"}],"url":"https://huntr.dev/bounties/b0b29656-4bbe-41cf-92f6-8579df0b6de5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0565","reference_id":"CVE-2022-0565","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0565"},{"reference_url":"https://github.com/advisories/GHSA-h9vc-2p9g-63gp","reference_id":"GHSA-h9vc-2p9g-63gp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h9vc-2p9g-63gp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60668?format=json","purl":"pkg:composer/pimcore/pimcore@10.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.3.1"}],"aliases":["CVE-2022-0565","GHSA-h9vc-2p9g-63gp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqx5-j39q-7yep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44691?format=json","vulnerability_id":"VCID-wrtm-zhun-ffbt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nPimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28429","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01619","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28429"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14574","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14574"},{"reference_url":"https://github.com/pimcore/pimcore/pull/14574.patch","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/"}],"url":"https://github.com/pimcore/pimcore/pull/14574.patch"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28429","reference_id":"CVE-2023-28429","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28429"},{"reference_url":"https://github.com/advisories/GHSA-rcg9-hrhx-6q69","reference_id":"GHSA-rcg9-hrhx-6q69","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rcg9-hrhx-6q69"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69","reference_id":"GHSA-rcg9-hrhx-6q69","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:28:32Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-rcg9-hrhx-6q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["CVE-2023-28429","GHSA-rcg9-hrhx-6q69"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrtm-zhun-ffbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44677?format=json","vulnerability_id":"VCID-xks7-nx83-9khy","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pimcore/pimcore.","references":[{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/advisories/GHSA-rrwm-8wqm-gwgv","reference_id":"GHSA-rrwm-8wqm-gwgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rrwm-8wqm-gwgv"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv","reference_id":"GHSA-rrwm-8wqm-gwgv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-rrwm-8wqm-gwgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64267?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.19"}],"aliases":["GHSA-rrwm-8wqm-gwgv","GMS-2023-781"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xks7-nx83-9khy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42092?format=json","vulnerability_id":"VCID-xq4y-918u-yfe7","summary":"Business Logic Errors in GitHub repository pimcore/pimcore","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4146","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01095","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4146"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/7011922f7f0f97a82d8c378559b91fcdb34604a6"},{"reference_url":"https://github.com/pimcore/pimcore/issues/11024","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/issues/11024"},{"reference_url":"https://github.com/pimcore/pimcore/pull/11206","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/pull/11206"},{"reference_url":"https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/47b37054-cafe-4f48-8b40-c86efc7fb760"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4146","reference_id":"CVE-2021-4146","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4146"},{"reference_url":"https://github.com/advisories/GHSA-54hw-mhgh-x4vc","reference_id":"GHSA-54hw-mhgh-x4vc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54hw-mhgh-x4vc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59768?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/60204?format=json","purl":"pkg:composer/pimcore/pimcore@10.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.2.9"}],"aliases":["CVE-2021-4146","GHSA-54hw-mhgh-x4vc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xq4y-918u-yfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49721?format=json","vulnerability_id":"VCID-xvhk-gv9z-53hb","summary":"Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on \"Static Routes\" Listing\nThe application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined via the backend interface or the var/config/staticroutes.php file, including details like regex-based patterns, controllers, variables, and priorities. These routes are registered automatically through the PimcoreStaticRoutesBundle and integrated into the MVC routing system. Testing revealed that an authenticated backend user lacking explicit permissions was able to invoke the endpoint (e.g., GET /api/static-routes) and retrieve sensitive route configurations. This violates OWASP A01:2021 Broken Access Control, as function-level authorization is absent, allowing unauthorized access to internal routing metadata. Without validation, the endpoint exposes route structures, potentially revealing application architecture, endpoints, or custom logic intended for administrative roles only.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23494","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"0.00014","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23494"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/pull/18893","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/"}],"url":"https://github.com/pimcore/pimcore/pull/18893"},{"reference_url":"https://github.com/pimcore/pimcore/releases/tag/v11.5.14","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/"}],"url":"https://github.com/pimcore/pimcore/releases/tag/v11.5.14"},{"reference_url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/"}],"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23494","reference_id":"CVE-2026-23494","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23494"},{"reference_url":"https://github.com/advisories/GHSA-m3r2-724c-pwgf","reference_id":"GHSA-m3r2-724c-pwgf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3r2-724c-pwgf"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf","reference_id":"GHSA-m3r2-724c-pwgf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:08:08Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73400?format=json","purl":"pkg:composer/pimcore/pimcore@11.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/73399?format=json","purl":"pkg:composer/pimcore/pimcore@12.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1"}],"aliases":["CVE-2026-23494","GHSA-m3r2-724c-pwgf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhk-gv9z-53hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52016?format=json","vulnerability_id":"VCID-yq5e-ruk6-9ud2","summary":"Improper Restriction of Excessive Authentication Attempts\nPimcore allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18986","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00784","published_at":"2026-06-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00786","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18986"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185"},{"reference_url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18986","reference_id":"CVE-2019-18986","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18986"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76193?format=json","purl":"pkg:composer/pimcore/pimcore@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-qrue-na7k-jkf6"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2"}],"aliases":["CVE-2019-18986","GHSA-8889-9g3f-73rj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yq5e-ruk6-9ud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49716?format=json","vulnerability_id":"VCID-yrnf-q3z4-jfh1","summary":"Pimcore ENV Variables and Cookie Informations are exposed in http_error_log\nThe http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23493","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"5e-05","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23493"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/"}],"url":"https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601"},{"reference_url":"https://github.com/pimcore/pimcore/pull/18918","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/"}],"url":"https://github.com/pimcore/pimcore/pull/18918"},{"reference_url":"https://github.com/pimcore/pimcore/releases/tag/v11.5.14","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/"}],"url":"https://github.com/pimcore/pimcore/releases/tag/v11.5.14"},{"reference_url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.1","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/"}],"url":"https://github.com/pimcore/pimcore/releases/tag/v12.3.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23493","reference_id":"CVE-2026-23493","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23493"},{"reference_url":"https://github.com/advisories/GHSA-q433-j342-rp9h","reference_id":"GHSA-q433-j342-rp9h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q433-j342-rp9h"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h","reference_id":"GHSA-q433-j342-rp9h","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T19:02:04Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73400?format=json","purl":"pkg:composer/pimcore/pimcore@11.5.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.5.14"},{"url":"http://public2.vulnerablecode.io/api/packages/73399?format=json","purl":"pkg:composer/pimcore/pimcore@12.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hmpr-1fgb-jqea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@12.3.1"}],"aliases":["CVE-2026-23493","GHSA-q433-j342-rp9h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrnf-q3z4-jfh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52012?format=json","vulnerability_id":"VCID-yxfb-p2aw-t3ga","summary":"Inappropriate Encoding for Output Context\nPimcore lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18981","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00874","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00885","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18981"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106"},{"reference_url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18981","reference_id":"CVE-2019-18981","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76193?format=json","purl":"pkg:composer/pimcore/pimcore@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qrb-ra1y-1uf3"},{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-23ea-6aqe-37eb"},{"vulnerability":"VCID-29a6-htj3-z3dr"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-3554-b9ab-rqc9"},{"vulnerability":"VCID-3qx3-fvbw-3fay"},{"vulnerability":"VCID-3y83-5tzw-g3h3"},{"vulnerability":"VCID-42wv-rbrs-43eh"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-66tj-dw5v-kqdm"},{"vulnerability":"VCID-6p5t-7h74-gueh"},{"vulnerability":"VCID-6sy7-7q66-g3b2"},{"vulnerability":"VCID-7km3-dmkc-dygb"},{"vulnerability":"VCID-8db4-zxk5-tqab"},{"vulnerability":"VCID-8mnw-8egh-cycq"},{"vulnerability":"VCID-8p88-g4b6-sfg3"},{"vulnerability":"VCID-91fn-ycss-c3c1"},{"vulnerability":"VCID-9k8b-a52b-47fx"},{"vulnerability":"VCID-a66j-sth4-d3dc"},{"vulnerability":"VCID-a9rr-m13m-yuc6"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-b5sk-cu89-hubw"},{"vulnerability":"VCID-b8x1-6xn4-c7gm"},{"vulnerability":"VCID-begq-psyd-fyh3"},{"vulnerability":"VCID-bqh2-mx6q-pygq"},{"vulnerability":"VCID-c2ht-41t3-eqaq"},{"vulnerability":"VCID-c8ex-6vwd-zkd4"},{"vulnerability":"VCID-ccyy-h9dp-cya2"},{"vulnerability":"VCID-cndq-yx1e-jkg7"},{"vulnerability":"VCID-cr5h-bz5b-jufg"},{"vulnerability":"VCID-cyfe-vput-1fbk"},{"vulnerability":"VCID-d3ns-rfuc-dkdp"},{"vulnerability":"VCID-d6cw-a4th-eueu"},{"vulnerability":"VCID-dakz-7vpr-ykbe"},{"vulnerability":"VCID-daqy-9srj-kkbc"},{"vulnerability":"VCID-de2k-yy77-6yhn"},{"vulnerability":"VCID-dmkv-tpma-qbfn"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-dt28-cwh4-gyga"},{"vulnerability":"VCID-e35r-qy72-4uaj"},{"vulnerability":"VCID-e9sz-xvw9-4fbb"},{"vulnerability":"VCID-ejnh-57m7-ffab"},{"vulnerability":"VCID-erpf-xa8n-afcf"},{"vulnerability":"VCID-f1st-tu3e-5qem"},{"vulnerability":"VCID-fjvx-uvar-6fcq"},{"vulnerability":"VCID-fk9y-7e4h-3uey"},{"vulnerability":"VCID-fkd6-pyag-kyc6"},{"vulnerability":"VCID-fzt2-896e-wudc"},{"vulnerability":"VCID-g2xz-1vbj-qufd"},{"vulnerability":"VCID-g8h5-e165-1bay"},{"vulnerability":"VCID-g8ha-yccg-p3f8"},{"vulnerability":"VCID-gt5w-6b92-1qfz"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-hz2p-k88z-nbdb"},{"vulnerability":"VCID-j8d3-zaj3-xuax"},{"vulnerability":"VCID-jmdu-dpju-abee"},{"vulnerability":"VCID-jv87-2e53-13as"},{"vulnerability":"VCID-kb9x-es6p-73eh"},{"vulnerability":"VCID-kw4t-2xte-b3du"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-muk7-qswq-j3cy"},{"vulnerability":"VCID-mvg7-d7ef-37fj"},{"vulnerability":"VCID-n6ne-ucpz-u3bb"},{"vulnerability":"VCID-n6nv-8sfz-mbce"},{"vulnerability":"VCID-nkvu-1mye-dfbm"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-p33r-uxhp-q3eu"},{"vulnerability":"VCID-p3g5-vbhk-h3h7"},{"vulnerability":"VCID-p3kp-be4v-nqca"},{"vulnerability":"VCID-ppb6-perx-z7g3"},{"vulnerability":"VCID-ppum-bu2e-b3hr"},{"vulnerability":"VCID-pygu-76pc-r7as"},{"vulnerability":"VCID-q4w5-13sd-xfdr"},{"vulnerability":"VCID-qh25-w41n-eubf"},{"vulnerability":"VCID-qrue-na7k-jkf6"},{"vulnerability":"VCID-rnht-mqx9-sucr"},{"vulnerability":"VCID-s6f2-dbzx-kugz"},{"vulnerability":"VCID-s6xd-j7a8-u3c8"},{"vulnerability":"VCID-sdww-bp7g-9ygj"},{"vulnerability":"VCID-shds-jhqq-ufd1"},{"vulnerability":"VCID-svwv-zn1s-xbdn"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-tn1v-4yx7-8uat"},{"vulnerability":"VCID-tx4m-dken-57hp"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-umwk-nrvg-6bg5"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-upjh-4jdt-xbgd"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-vra6-hemr-kuf1"},{"vulnerability":"VCID-vser-cuam-k7hs"},{"vulnerability":"VCID-w2hy-y2fn-m7gz"},{"vulnerability":"VCID-w2nk-gqyj-3yay"},{"vulnerability":"VCID-w3x1-neky-ckeg"},{"vulnerability":"VCID-wj8w-76xv-jucd"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-wqx5-j39q-7yep"},{"vulnerability":"VCID-wrtm-zhun-ffbt"},{"vulnerability":"VCID-xks7-nx83-9khy"},{"vulnerability":"VCID-xq4y-918u-yfe7"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"},{"vulnerability":"VCID-znuu-45u6-5uc7"},{"vulnerability":"VCID-zrfm-ght3-yfht"},{"vulnerability":"VCID-zybv-3qck-dqgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@6.2.2"}],"aliases":["CVE-2019-18981","GHSA-jhcf-j4hg-v64r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxfb-p2aw-t3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44614?format=json","vulnerability_id":"VCID-znuu-45u6-5uc7","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.","references":[{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/commit/da2af2d413b144b9a742118124457d13232d31fd"},{"reference_url":"https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/04447124-c7d4-477f-8364-91fe5b59cda0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1247","reference_id":"CVE-2023-1247","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1247"},{"reference_url":"https://github.com/advisories/GHSA-8wg7-88cg-7p9j","reference_id":"GHSA-8wg7-88cg-7p9j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8wg7-88cg-7p9j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64229?format=json","purl":"pkg:composer/pimcore/pimcore@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-4n21-ae6m-3qhk"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-u5a1-c9ar-3kg6"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@11.0.0"}],"aliases":["CVE-2023-1247","GHSA-8wg7-88cg-7p9j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znuu-45u6-5uc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45155?format=json","vulnerability_id":"VCID-zrfm-ght3-yfht","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2615","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01359","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2615"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/"}],"url":"https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f"},{"reference_url":"https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T19:41:26Z/"}],"url":"https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2615","reference_id":"CVE-2023-2615","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2615"},{"reference_url":"https://github.com/advisories/GHSA-q7cc-m6jw-m262","reference_id":"GHSA-q7cc-m6jw-m262","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q7cc-m6jw-m262"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262","reference_id":"GHSA-q7cc-m6jw-m262","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2615","GHSA-q7cc-m6jw-m262"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfm-ght3-yfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45076?format=json","vulnerability_id":"VCID-zybv-3qck-dqgs","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2328","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04597","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2328"},{"reference_url":"https://github.com/pimcore/pimcore","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore"},{"reference_url":"https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/"}],"url":"https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe"},{"reference_url":"https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:51:34Z/"}],"url":"https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2328","reference_id":"CVE-2023-2328","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2328"},{"reference_url":"https://github.com/advisories/GHSA-2295-vh28-pphc","reference_id":"GHSA-2295-vh28-pphc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2295-vh28-pphc"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc","reference_id":"GHSA-2295-vh28-pphc","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65004?format=json","purl":"pkg:composer/pimcore/pimcore@10.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21s4-mb97-v7bh"},{"vulnerability":"VCID-2gzw-gxs8-zkbq"},{"vulnerability":"VCID-53nb-8vf3-9ubb"},{"vulnerability":"VCID-b358-dxdm-vqe7"},{"vulnerability":"VCID-dmrj-fj5a-vqbh"},{"vulnerability":"VCID-hmpr-1fgb-jqea"},{"vulnerability":"VCID-m5ct-vypc-kbgv"},{"vulnerability":"VCID-nnem-28fp-xugy"},{"vulnerability":"VCID-tcpz-9zjx-q3c7"},{"vulnerability":"VCID-u66z-9utb-7uf2"},{"vulnerability":"VCID-u889-d2cm-2kfk"},{"vulnerability":"VCID-upfw-kpy5-3qd8"},{"vulnerability":"VCID-vqdy-2yzt-7qdf"},{"vulnerability":"VCID-wneb-ka1d-rfbw"},{"vulnerability":"VCID-xvhk-gv9z-53hb"},{"vulnerability":"VCID-yrnf-q3z4-jfh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21"}],"aliases":["CVE-2023-2328","GHSA-2295-vh28-pphc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zybv-3qck-dqgs"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@4.6.5"}