Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1w28-9z15-4qck
Vulnerability ID VCID-1w28-9z15-4qck
Aliases CVE-2021-4084
GHSA-8w3x-r6x7-c5r5
Summary pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00025 https://api.first.org/data/v1/epss?cve=CVE-2021-4084
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8w3x-r6x7-c5r5
cvssv3.1 6.1 https://github.com/pimcore/pimcore
generic_textual MODERATE https://github.com/pimcore/pimcore
cvssv3.1 6.1 https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
generic_textual MODERATE https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
cvssv3.1 6.1 https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
generic_textual MODERATE https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4084
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-4084
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-4084
https://github.com/pimcore/pimcore
https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
CVE-2021-4084 https://nvd.nist.gov/vuln/detail/CVE-2021-4084
GHSA-8w3x-r6x7-c5r5 https://github.com/advisories/GHSA-8w3x-r6x7-c5r5
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pimcore/pimcore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pimcore/pimcore/commit/3c2a14e676a57e5d77a16255965988eef48f9065
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://huntr.dev/bounties/dcb37f19-ba53-4498-b953-d21999279266
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4084
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.07649
EPSS Score 0.00025
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:56:25.279804+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2021-4084.yml 38.6.0