Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/65004?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "type": "composer", "namespace": "pimcore", "name": "pimcore", "version": "10.5.21", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "10.5.22", "latest_non_vulnerable_version": "12.3.3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45087?format=api", "vulnerability_id": "VCID-6p5t-7h74-gueh", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPath Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4" }, { "reference_url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336", "reference_id": "CVE-2023-2336", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2336" }, { "reference_url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "GHSA-hg77-vx9v-f49x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hg77-vx9v-f49x" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x", "reference_id": "GHSA-hg77-vx9v-f49x", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-hg77-vx9v-f49x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2336", "GHSA-hg77-vx9v-f49x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p5t-7h74-gueh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45153?format=api", "vulnerability_id": "VCID-begq-psyd-fyh3", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38" }, { "reference_url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630", "reference_id": "CVE-2023-2630", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2630" }, { "reference_url": "https://github.com/advisories/GHSA-w766-3572-f2hv", "reference_id": "GHSA-w766-3572-f2hv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w766-3572-f2hv" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv", "reference_id": "GHSA-w766-3572-f2hv", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-w766-3572-f2hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2630", "GHSA-w766-3572-f2hv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-begq-psyd-fyh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45086?format=api", "vulnerability_id": "VCID-bqh2-mx6q-pygq", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e" }, { "reference_url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323", "reference_id": "CVE-2023-2323", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2323" }, { "reference_url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "GHSA-cjv6-w5hf-5wr6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cjv6-w5hf-5wr6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6", "reference_id": "GHSA-cjv6-w5hf-5wr6", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-cjv6-w5hf-5wr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2323", "GHSA-cjv6-w5hf-5wr6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bqh2-mx6q-pygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45063?format=api", "vulnerability_id": "VCID-ccyy-h9dp-cya2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564" }, { "reference_url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342", "reference_id": "CVE-2023-2342", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2342" }, { "reference_url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "GHSA-2c67-p4xh-m34w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2c67-p4xh-m34w" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w", "reference_id": "GHSA-2c67-p4xh-m34w", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2c67-p4xh-m34w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2342", "GHSA-2c67-p4xh-m34w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccyy-h9dp-cya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45070?format=api", "vulnerability_id": "VCID-cr5h-bz5b-jufg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e" }, { "reference_url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343", "reference_id": "CVE-2023-2343", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2343" }, { "reference_url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "GHSA-9q7q-r54q-3f3g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9q7q-r54q-3f3g" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g", "reference_id": "GHSA-9q7q-r54q-3f3g", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9q7q-r54q-3f3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2343", "GHSA-9q7q-r54q-3f3g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr5h-bz5b-jufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45066?format=api", "vulnerability_id": "VCID-cyfe-vput-1fbk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11" }, { "reference_url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341", "reference_id": "CVE-2023-2341", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341" }, { "reference_url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "GHSA-fq95-rx4q-qgg2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fq95-rx4q-qgg2" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2", "reference_id": "GHSA-fq95-rx4q-qgg2", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2341", "GHSA-fq95-rx4q-qgg2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyfe-vput-1fbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45085?format=api", "vulnerability_id": "VCID-d6cw-a4th-eueu", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/c6c80905e58c7724c776f980570a56df7016c6d1.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/pull/14968" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849", "reference_id": "CVE-2023-30849", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30849" }, { "reference_url": "https://github.com/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-xmg8-w465-mr56" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56", "reference_id": "GHSA-xmg8-w465-mr56", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-xmg8-w465-mr56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30849", "GHSA-xmg8-w465-mr56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6cw-a4th-eueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45067?format=api", "vulnerability_id": "VCID-e35r-qy72-4uaj", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480" }, { "reference_url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339", "reference_id": "CVE-2023-2339", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2339" }, { "reference_url": "https://github.com/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "GHSA-6fvf-x8c6-2f6j", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-6fvf-x8c6-2f6j" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j", "reference_id": "GHSA-6fvf-x8c6-2f6j", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6fvf-x8c6-2f6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2339", "GHSA-6fvf-x8c6-2f6j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e35r-qy72-4uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45074?format=api", "vulnerability_id": "VCID-e9sz-xvw9-4fbb", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/21e35af721c375ef4676ed50835e30d828e76520" }, { "reference_url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338", "reference_id": "CVE-2023-2338", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2338" }, { "reference_url": "https://github.com/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "GHSA-4x35-vr82-xvj6", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-4x35-vr82-xvj6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6", "reference_id": "GHSA-4x35-vr82-xvj6", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-4x35-vr82-xvj6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2338", "GHSA-4x35-vr82-xvj6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e9sz-xvw9-4fbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45079?format=api", "vulnerability_id": "VCID-fk9y-7e4h-3uey", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e" }, { "reference_url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340", "reference_id": "CVE-2023-2340", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2340" }, { "reference_url": "https://github.com/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "GHSA-g93x-fm2w-5pxw", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-g93x-fm2w-5pxw" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw", "reference_id": "GHSA-g93x-fm2w-5pxw", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-g93x-fm2w-5pxw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2340", "GHSA-g93x-fm2w-5pxw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fk9y-7e4h-3uey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45078?format=api", "vulnerability_id": "VCID-fzt2-896e-wudc", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the \"scriptPath\" parameter and the file name in the \"scripts\" parameter. The JavaScript file is successfully read only if the web application has read access to it. 
Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/498cadec2292f7842fb10612068ac78496e884b4.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/pull/14959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852", "reference_id": "CVE-2023-30852", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30852" }, { "reference_url": "https://github.com/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j5c3-r84f-9596" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596", "reference_id": "GHSA-j5c3-r84f-9596", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-j5c3-r84f-9596" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30852", "GHSA-j5c3-r84f-9596" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fzt2-896e-wudc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45154?format=api", "vulnerability_id": "VCID-g8h5-e165-1bay", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site 
Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091" }, { "reference_url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/564cb512-2bcc-4458-8c20-88110ab45801" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616", "reference_id": "CVE-2023-2616", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2616" }, { "reference_url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "GHSA-mhpj-7m7h-8p6x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mhpj-7m7h-8p6x" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x", "reference_id": "GHSA-mhpj-7m7h-8p6x", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-mhpj-7m7h-8p6x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2616", "GHSA-mhpj-7m7h-8p6x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8h5-e165-1bay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45080?format=api", "vulnerability_id": "VCID-g8ha-yccg-p3f8", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an 
open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/25ad8674886f2b938243cbe13e33e204a2e35cc3.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/pull/14972" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848", "reference_id": "CVE-2023-30848", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30848" }, { "reference_url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6mhm-gcpf-5gr8" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8", "reference_id": "GHSA-6mhm-gcpf-5gr8", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-6mhm-gcpf-5gr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30848", "GHSA-6mhm-gcpf-5gr8" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ha-yccg-p3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45069?format=api", "vulnerability_id": "VCID-j8d3-zaj3-xuax", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f" }, { "reference_url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327", "reference_id": "CVE-2023-2327", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2327" }, { "reference_url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "GHSA-x9xj-pqmv-8jf7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x9xj-pqmv-8jf7" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7", "reference_id": "GHSA-x9xj-pqmv-8jf7", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-x9xj-pqmv-8jf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2327", "GHSA-x9xj-pqmv-8jf7" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8d3-zaj3-xuax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45094?format=api", "vulnerability_id": "VCID-jmdu-dpju-abee", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a" }, { "reference_url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361", "reference_id": "CVE-2023-2361", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2361" }, { "reference_url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "GHSA-9xg6-75mh-7x3f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9xg6-75mh-7x3f" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f", "reference_id": "GHSA-9xg6-75mh-7x3f", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2361", "GHSA-9xg6-75mh-7x3f" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmdu-dpju-abee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45081?format=api", "vulnerability_id": "VCID-p3g5-vbhk-h3h7", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773" }, { "reference_url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322", "reference_id": "CVE-2023-2322", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2322" }, { "reference_url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "GHSA-476g-v7hf-cw5m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-476g-v7hf-cw5m" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m", "reference_id": "GHSA-476g-v7hf-cw5m", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2322", "GHSA-476g-v7hf-cw5m" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p3g5-vbhk-h3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45151?format=api", "vulnerability_id": "VCID-q4w5-13sd-xfdr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7" }, { "reference_url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614", "reference_id": "CVE-2023-2614", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2614" }, { "reference_url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "GHSA-m6m9-gr85-79vm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m6m9-gr85-79vm" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm", "reference_id": "GHSA-m6m9-gr85-79vm", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-m6m9-gr85-79vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2614", "GHSA-m6m9-gr85-79vm" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4w5-13sd-xfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45064?format=api", "vulnerability_id": "VCID-tx4m-dken-57hp", "summary": "Cross-site Scripting (XSS) in Conditions tab of Pricing Rules\nThis vulnerability could allow an attacker to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe" }, { "reference_url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332", "reference_id": "CVE-2023-2332", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2332" }, { "reference_url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "GHSA-r7mm-jx6h-hv7m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7mm-jx6h-hv7m" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m", "reference_id": "GHSA-r7mm-jx6h-hv7m", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-r7mm-jx6h-hv7m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": 
"pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2332", "GHSA-r7mm-jx6h-hv7m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx4m-dken-57hp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45082?format=api", "vulnerability_id": "VCID-w2hy-y2fn-m7gz", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38" }, { "reference_url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch" }, { "reference_url": "https://github.com/pimcore/pimcore/pull/14952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/pull/14952" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850", "reference_id": "CVE-2023-30850", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30850" }, { "reference_url": "https://github.com/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-jwg4-qcgv-5wg6" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6", "reference_id": "GHSA-jwg4-qcgv-5wg6", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-jwg4-qcgv-5wg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-30850", "GHSA-jwg4-qcgv-5wg6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2hy-y2fn-m7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45155?format=api", "vulnerability_id": "VCID-zrfm-ght3-yfht", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/7a799399e6843cd049e85da27ceb75b78505317f" }, { "reference_url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/af9c360a-87f8-4e97-a24b-6db675ee942a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615", "reference_id": "CVE-2023-2615", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2615" }, { "reference_url": "https://github.com/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "GHSA-q7cc-m6jw-m262", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-q7cc-m6jw-m262" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262", "reference_id": "GHSA-q7cc-m6jw-m262", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-q7cc-m6jw-m262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2615", "GHSA-q7cc-m6jw-m262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrfm-ght3-yfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45076?format=api", "vulnerability_id": "VCID-zybv-3qck-dqgs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.", "references": [ { "reference_url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe" }, { "reference_url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328", "reference_id": "CVE-2023-2328", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2328" }, { "reference_url": "https://github.com/advisories/GHSA-2295-vh28-pphc", "reference_id": "GHSA-2295-vh28-pphc", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-2295-vh28-pphc" }, { "reference_url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc", "reference_id": "GHSA-2295-vh28-pphc", "reference_type": "", "scores": [], "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-2295-vh28-pphc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65004?format=api", "purl": "pkg:composer/pimcore/pimcore@10.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" } ], "aliases": [ "CVE-2023-2328", "GHSA-2295-vh28-pphc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zybv-3qck-dqgs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/pimcore@10.5.21" }