huntr: pimcore/pimcore

pimcore / pimcore

Core Framework for the Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)

Submit a report

FIRST INTERACTION

WITHIN3 DAYS

REVIEW

WITHIN24 DAYS

FIX

WITHIN21 DAYS

pimcore

Cross-site Scripting (XSS) - Stored

Oct 16th 2023

self closed

pimcore

CSRF Leading to create a new customer

Sep 21st 2023

pending

pimcore

Session do not expiring on successful password reset

Aug 14th 2024

duplicate

Medium

pimcore

Session is still valid after changing password

Aug 14th 2024

self closed

pimcore

Stored html injection

Oct 4th 2023

not applicable

pimcore

host header injection leads to open redirect on https://demo.pimcore.fun/admin

Aug 3rd 2023

bevennyamande•

informative

None

pimcore

Stored XSS via SVG File Upload

Aug 30th 2023

hackeruniverse•

informative

High

pimcore

SQL injection in Data Objects function

Jul 21st 2023

High

•$40

High

•$40•CVE-2023-3820

pimcore

Stored html injection on segment name

Jul 26th 2023

si13ntr311ik•

self closed

pimcore

Confidential information provided to user with no permissions

Jul 21st 2023

High

•$40

High

•$40•CVE-2023-3819

pimcore

SQL injection in some Admin Sort functions

Jul 14th 2023

High

•$40

High

•$40•CVE-2023-3673

pimcore

Business Logic Bypass - Ability to create new Customer with Newsletter Confirmed...

Jul 31st 2023

informative

High

pimcore

Exposed php info that contains sensitive informations

May 22nd 2023

anasboulbali•

not applicable

pimcore

Busines Logic Errors when buying cars

Jun 2nd 2023

abdulmajidmk•

not applicable

pimcore

privilege escalation with least config

May 30th 2023

Medium

•$15

Medium

•$15•CVE-2023-2983

pimcore

Stored XSS in module Snippet of "/en/shared/teasers/News"

Jul 17th 2023

duplicate

Medium

pimcore

Stored xss in module name "Content-Page"

Jul 20th 2023

informative

Medium

pimcore

Stored XSS in module name "Edit Link"

Jul 21st 2023

Medium

•$15

Medium

•$15•CVE-2023-3822

pimcore

Stored XSS in module name "Search Documents"

Jul 21st 2023

Medium

•$15

Medium

•$15•CVE-2023-3821

pimcore

Account Takeover

Oct 11th 2023

informative

High

pimcore

Pre-Auth Path traversal in pimcore_log, leading potential DOS

May 30th 2023

Medium

•$15

Medium

•$15•CVE-2023-2984

pimcore

XSS in Documents

May 22nd 2023

duplicate

Medium

pimcore

HTML injection in Documents, Data Objects and Assets of System Settings

May 3rd 2023

informative

Medium

pimcore

HTML injection in Conditions of Global Targeting Rules

May 3rd 2023

informative

Medium

pimcore

Full Path Disclosure (FPD) via re-export document

Nov 9th 2023

self closed

pimcore

HTML injection in DateTime of Classes in Data Objects module

May 2nd 2023

khanhchauminh•

duplicate

Medium

pimcore

HTML injection in Application Logger module

May 2nd 2023

khanhchauminh•

informative

Medium

pimcore

XSS in Document Home Page

May 22nd 2023

informative

Medium

pimcore

XSS in choose time value Classes Data Objects

Aug 21st 2023

Medium

•$15

Medium

•$15•CVE-2023-4453

pimcore

Business Logic Errors in Customer automation rules

Apr 25th 2023

khanhchauminh•

informative

Medium

pimcore

XSS in Seo & Settings tab of Documents in pimcore/pimcore

May 16th 2023

Medium

•$15

Medium

•$15•CVE-2023-2730

pimcore

ADMIN OWNER LEAKAGE LEAD TO IMPROPER ACCESS CONTROL

Apr 20th 2023

informative

High

pimcore

ADMIN EMAIL OWNER LEAKAGE LEAD TO IMPROPER ACCESS CONTROL

Apr 19th 2023

informative

High

pimcore

SQL injection in AssetController.php

Apr 13th 2023

duplicate

High

pimcore

XSS in Translations

May 10th 2023

Medium

•$15

Medium

•$15•CVE-2023-2630

pimcore

Stored cross site scripting vulnerability in operator any getter in pimcore grid...

Apr 27th 2023

Medium

•$15

Medium

•$15•CVE-2023-2339

pimcore

Bypass Stored XSS in Catalog

Apr 28th 2023

Medium

•$15

Medium

•$15•CVE-2023-2361

pimcore

Stored cross site scripting vulnerability in Save grid option in pimcore dashboa...

Apr 27th 2023

Medium

•$15

Medium

•$15•CVE-2023-2340

pimcore

Stored XSS in editable content

May 22nd 2023

informative

Medium

pimcore

XSS in Conditions tab of Pricing Rules

Apr 27th 2023

Medium

•$15

Medium

•$15•CVE-2023-2332

pimcore

multiple unrestricted file operations functionalities leading to RCE

Mar 28th 2023

not applicable

pimcore

arbitrary file read

Apr 27th 2023

Medium

•$15

Medium

•$15•CVE-2023-2336

pimcore

Mar 28th 2023

not applicable

pimcore

XSS in Classification Store of Data Objects module in Settings

Apr 27th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-2343

pimcore

XSS in Upload file PDF in pimcore/pimcore

Oct 31st 2023

Medium

Medium

•CVE-2023-5873

pimcore

XSS in Quantity Value of Data Objects module in Settings

Apr 27th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-2328

pimcore

XSS in Classes of Data Objects module in Settings

Apr 27th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-2327

pimcore

Dom-based XSS in Website Settings module in Settings

Apr 27th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-2342

pimcore

Apr 27th 2023

High

•$40

High

•$40•CVE-2023-2338

pimcore

Stored XSS in text editor

Aug 21st 2023

informative

Medium

pimcore

Cross site scripting on the login page

Apr 27th 2023

anasboulbali•

High

•$40

High

•$40•CVE-2023-2341

pimcore

Stored XSS in Featurette Module

May 22nd 2023

informative

Medium

pimcore

Reflected XSS in Predefined Metadata Definitions

Mar 31st 2023

self closed

pimcore

Stored XSS via name parameter of "Predefined Properties"

Mar 22nd 2023

Medium

•$15

Medium

•$15•CVE-2023-2615

pimcore

Stored XSS in name parameter of "Customers Reports"

Mar 22nd 2023

Medium

•$15

Medium

•$15•CVE-2023-2614

pimcore

Stored XSS in name parameter of "Static Routes"

Mar 22nd 2023

Medium

•$15

Medium

•$15•CVE-2023-2616

pimcore

Multiple Stored XSS in name parameter of "Pricing Rules", "Predefined Properties...

Apr 27th 2023

Medium

•$18

Medium

•$18•CVE-2023-2323

pimcore

Cross site scripting on setting module

Mar 29th 2023

Medium

•$15

Medium

•$15•CVE-2023-1704

pimcore

Stored XSS in Properties Parameter

Apr 27th 2023

Medium

•$15

Medium

•$15•CVE-2023-2322

pimcore

Password reset link not expired

May 2nd 2023

informative

Medium

pimcore

XSS in Predefined Asset Metadata module in Settings

Mar 29th 2023

Medium

•$15

Medium

•$15•CVE-2023-1702

pimcore

Reflected XSS in Predefined Properties module in Settings

Mar 29th 2023

Medium

•$15

Medium

•$15•CVE-2023-1701

pimcore

Cross Site Scripting (XSS) in Layers of Image

Mar 15th 2023

informative

Medium

pimcore

XSS in Document Types module in Settings

Mar 16th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-1429

pimcore

cross site scripting

Mar 29th 2023

Medium

•$15

Medium

•$15•CVE-2023-1703

pimcore

Cross Site Scripting (XSS) in UrlSlug

Mar 16th 2023

Medium

•$15

Medium

•$15

pimcore

XSS in Schedule tab of Documents

Mar 20th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-1517

pimcore

Bypass Stored cross site scripting in html-tags in seo&setting in home

Mar 9th 2023

rutvikhajare•

duplicate

High

pimcore

XSS Stored in perspective name

Mar 9th 2023

self closed

pimcore

Reflected XSS in Application Logger module

Mar 10th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-1312

pimcore

Stored XSS when delete an email in Blacklist

Mar 1st 2023

khanhchauminh•

self closed

pimcore

Stored xss in print generate and preview pdf

Mar 9th 2023

Medium

•$15

Medium

•$15•CVE-2023-1286

pimcore

Stored XSS in the Redirects module

Mar 20th 2023

khanhchauminh•

Medium

•$15

Medium

•$15•CVE-2023-1515

pimcore

SQL injection search function

Mar 22nd 2023

Medium

•$15

Medium

•$15•CVE-2023-1578

pimcore

Stored XSS in 'Basic function'

Feb 27th 2023

duplicate

High

pimcore

XSS in GDPR Data Extractor

Feb 27th 2023

duplicate

High

pimcore

XSS in button home page

Mar 1st 2023

High

•$40

High

•$40•CVE-2023-1115

pimcore

Vulnerable JavaScript dependency

Feb 23rd 2023

informative

High

pimcore

XSS via Error Logic

Feb 19th 2023

duplicate

Critical

pimcore

No length on password lead to Dos

Feb 21st 2023

informative

High

pimcore

No Rate Limit On Forgot Password Lead to Email Boombing

Feb 21st 2023

informative

Medium

pimcore

Weak Password Policy Lead to Account Takeover

Feb 21st 2023

informative

Critical

pimcore

Cross-site Scripting (XSS) - Stored

Mar 1st 2023

Medium

•$15

Medium

•$15•CVE-2023-1117

pimcore

XSS Stored in the email address

Feb 27th 2023

Medium

Medium

•CVE-2023-1067

pimcore

Stored XSS in Email Blacklist Function

Mar 1st 2023

Medium

Medium

•CVE-2023-1116

pimcore

EXIF Geolocation Data Not Stripped From Uploaded Images

Feb 21st 2023

not applicable

pimcore

Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

Feb 14th 2023

Medium

Medium

•CVE-2023-0827

pimcore

Stored Cross site scripting in pimcore/pimcore

Feb 3rd 2023

duplicate

Medium

pimcore

XSS in HTML-Tags

Mar 7th 2023

Medium

•$15

Medium

•$15•CVE-2023-1247

pimcore

User/Mail Enumeration through Passwort Reset and Registration Functionality

Jan 30th 2023

informative

Medium

pimcore

User Termination after Logout not working properly

Jan 30th 2023

informative

Medium

pimcore

Reflected XSS at "https://demo.pimcore.com/admin/" `perspective=` Parameter

Feb 1st 2023

self closed

pimcore

Cross-site request forgery (CSRF)

Jan 24th 2023

informative

Medium

pimcore

Denial of service when enter long Password

Jan 24th 2023

informative

None

pimcore

File Upload Type Validation Error

Feb 1st 2023

High

High

pimcore

Cross site scripting vulnerability in pimcore

Jan 16th 2023

Medium

Medium

•CVE-2023-0323

pimcore

Reflected XSS In User/Roles Function

Sep 21st 2022

Medium

Medium

•CVE-2022-3255

pimcore

Error content is leak

Sep 19th 2022

uonghoangminhchau•

informative

Medium

pimcore

Stored Cross Site Scripting (XSS) via "properties" during creating new users

Sep 14th 2022

Medium

Medium

•CVE-2022-3211

pimcore

[CVE-2022-2796] Bypass | Stored XSS on Admin Translations

Aug 30th 2022

duplicate

High

pimcore

Stored XSS on Admin Translations

Aug 22nd 2022

Medium

Medium

•CVE-2022-2796

pimcore

Remote code execution

Jul 25th 2022

informative

Critical

pimcore

Store XSS via upload html file

Jul 25th 2022

not applicable

pimcore

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Jul 20th 2022

Medium

Medium

pimcore

SQL injection in GridHelperService.php

Apr 22nd 2022

High

•$15

High

•$15•CVE-2022-1429

pimcore

XSS in Setting/Bundle & Briques

Apr 12th 2022

not applicable

pimcore

SQL injection in ElementController.php

Apr 13th 2022

High

•$15

High

•$15•CVE-2022-1339

pimcore

SQL injection in RecyclebinController.php

Apr 7th 2022

High

•$15

High

•$15•CVE-2022-1219

pimcore

Stored XSS when using Ext.form.TextField without proper renderer

Apr 11th 2022

not applicable

pimcore

Stored XSS in Tooltip

Apr 14th 2022

Medium

Medium

•CVE-2022-1351

pimcore

Cross-site Scripting (XSS) - Stored

Mar 15th 2022

Medium

Medium

•CVE-2022-0911

pimcore

Cross-site Scripting (XSS) - Stored

Mar 15th 2022

Medium

Medium

•CVE-2022-0893

pimcore

Cross-site Scripting (XSS) - Stored

Mar 15th 2022

High

•$15

High

•$15•CVE-2022-0894

pimcore

Cross-site Scripting (XSS) - Stored

Mar 4th 2022

khanhchauminh•

Medium

Medium

•CVE-2022-0831

pimcore

Cross-site Scripting (XSS) - Stored

Mar 4th 2022

khanhchauminh•

Medium

Medium

•CVE-2022-0832

pimcore

Feb 22nd 2022

Medium

•$8

Medium

•$8•CVE-2022-0665

pimcore

Cross-site Scripting (XSS) - Stored

Mar 15th 2022

Medium

•$15

Medium

•$15•CVE-2022-0705

pimcore

Cross-site Scripting (XSS) - Stored

Mar 15th 2022

Medium

•$15

Medium

•$15•CVE-2022-0704

pimcore

Cross-site Scripting (XSS) - Stored

Feb 7th 2022

Medium

Medium

•CVE-2022-0509

pimcore

Cross-site Scripting (XSS) - Reflected

Feb 7th 2022

Medium

•$20

Medium

•$20•CVE-2022-0510

pimcore

Exposure of Sensitive Information to an Unauthorized Actor

Feb 11th 2022

High

•$40

High

•$40•CVE-2022-0565

pimcore

Cross-site Scripting (XSS) - Stored

Jan 27th 2022

Medium

•$12

Medium

•$12•CVE-2022-0348

pimcore

Cross-site Scripting (XSS) - Stored

Jan 19th 2022

Medium

Medium

•CVE-2022-0285

pimcore

Unrestricted Upload of File with Dangerous Type

Jan 17th 2022

Medium

•$30

Medium

•$30•CVE-2022-0263

pimcore

Cross-site Scripting (XSS) - Stored

Jan 17th 2022

Medium

•$25

Medium

•$25•CVE-2022-0262

pimcore

Cross-site Scripting (XSS) - Stored

Jan 17th 2022

khanhchauminh•

Medium

•$25

Medium

•$25•CVE-2022-0260

pimcore

Jan 17th 2022

High

•$50

High

•$50•CVE-2022-0258

pimcore

Cross-site Scripting (XSS) - Stored

Jan 17th 2022

Medium

Medium

•CVE-2022-0257

pimcore

Cross-site Scripting (XSS) - Stored

Jan 17th 2022

Medium

Medium

•CVE-2022-0256

pimcore

Cross-site Scripting (XSS) - Stored

Jan 25th 2022

High

•$5

High

•$5•CVE-2022-0251

pimcore

Cross-site Scripting (XSS) - Stored

Dec 21st 2021

Medium

•$55

Medium

•$55•CVE-2021-4139

pimcore

Business Logic Errors

Jan 17th 2022

Medium

•$50

Medium

•$50•CVE-2021-4146

pimcore

Cross-site Scripting (XSS) - Reflected

Dec 9th 2021

khanhchauminh•

Medium

•$25

Medium

•$25•CVE-2021-4081

pimcore

Cross-Site Request Forgery (CSRF)

Dec 9th 2021

khanhchauminh•

Medium

•$25

Medium

•$25•CVE-2021-4082

pimcore

Cross-site Scripting (XSS) - Stored

Dec 9th 2021

shellinjector•

High

•$25

High

•$25•CVE-2021-4084

pimcore

Cross-site Scripting (XSS) - Stored

Oct 29th 2021

shellinjector•

Critical

•$25

Critical

•$25

pimcore

Unrestricted Upload of File with Dangerous Type

Oct 25th 2021

Medium

•$40

Medium

•$40

pimcore

Server-Side Request Forgery (SSRF)

Oct 22nd 2021

High

•$32

High

•$32

pimcore

Observable Response Discrepancy

Sep 2nd 2021

Medium

•$40

Medium

•$40

pimcore

Cross-site Scripting (XSS) - Stored

Aug 31st 2021

Medium

Medium

pimcore

Cross-site Scripting (XSS) - Stored

Aug 30th 2021

High

•$40

High

•$40

pimcore

Cross-site Scripting (XSS) - Stored

Aug 27th 2021

Medium

•$40

Medium

•$40

pimcore

Cross-Site Request Forgery (CSRF)

Jul 30th 2021

Medium

•$36

Medium

•$36

pimcore

Weak Password Requirements

Jul 28th 2021

sudheendra17•

Medium

Medium

pimcore

Cross-Site Request Forgery (CSRF)

Jul 28th 2021

High

•$40

High

•$40

pimcore

Business Logic Errors

Jul 27th 2021

High

•$40

High

•$40

pimcore

Cross-site Scripting (XSS) - Stored

Aug 26th 2021

Medium

•$32

Medium

•$32

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0