Pimcore — Vulnerabilities & Security Advisories (135)

Browse all 135 CVE security advisories affecting Pimcore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pimcore is an open-source digital experience platform primarily used for product information management and digital asset management. Its architecture, built on Symfony, exposes it to typical web application vulnerabilities. Historical Common Vulnerabilities and Exposures records indicate a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within its content management modules. While no single catastrophic breach has defined its public history, the high volume of disclosed CVEs suggests persistent challenges in securing its complex feature set. Security assessments frequently highlight risks related to outdated dependencies and configuration errors. Organizations deploying this platform must prioritize rigorous patch management and continuous vulnerability scanning to mitigate the inherent risks associated with its extensive functionality and frequent updates.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-0827 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2023-02-14 |
| CVE-2023-23937 | Missing file upload type validation in pimcore/pimcore — pimcore | CWE-434 | 8.2 | High | 2023-02-03 |
| CVE-2023-0323 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2022-39365 | RCE vulnerability in Pimcore/Mail & Dynamic Text Layout — pimcore | CWE-94 | 9.8 | Critical | 2022-10-27 |
| CVE-2022-3255 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore — pimcore/pimcore | CWE-79 | 3.5 | - | 2022-09-21 |
| CVE-2022-3211 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-09-15 |
| CVE-2022-2796 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-08-23 |
| CVE-2022-31092 | SQL injection in pimcore — pimcore | CWE-89 | 7.5 | High | 2022-06-27 |
| CVE-2022-1429 | SQL injection in GridHelperService.php in pimcore/pimcore — pimcore/pimcore | CWE-89 | 7.5 | - | 2022-04-22 |
| CVE-2022-1351 | Stored XSS in Tooltip in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-04-14 |
| CVE-2022-1339 | SQL injection in ElementController.php in pimcore/pimcore — pimcore/pimcore | CWE-89 | 7.5 | - | 2022-04-13 |
| CVE-2022-1219 | SQL injection in RecyclebinController.php in pimcore/pimcore — pimcore/pimcore | CWE-89 | 7.5 | - | 2022-04-08 |
| CVE-2022-0955 | Cross-site Scripting (XSS) - Stored in pimcore/data-hub — pimcore/data-hub | CWE-79 | 5.4 | - | 2022-03-24 |
| CVE-2022-0705 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-16 |
| CVE-2022-0704 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-16 |
| CVE-2022-0911 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-16 |
| CVE-2022-0893 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0894 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0832 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-04 |
| CVE-2022-0831 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-03-04 |
| CVE-2022-0665 | Path Traversal in pimcore/pimcore — pimcore/pimcore | CWE-22 | 6.5 | - | 2022-02-22 |
| CVE-2022-0565 | Cross-site Scripting in pimcore/pimcore — pimcore/pimcore | CWE-79 | 7.6 | High | 2022-02-12 |
| CVE-2022-0510 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-02-08 |
| CVE-2022-0509 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-02-08 |
| CVE-2022-0348 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-01-27 |
| CVE-2022-0251 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-01-26 |
| CVE-2022-0285 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-01-20 |
| CVE-2022-0263 | Unrestricted Upload of File with Dangerous Type in pimcore/pimcore — pimcore/pimcore | CWE-434 | 8.8 | - | 2022-01-18 |
| CVE-2022-0262 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | CWE-79 | 5.4 | - | 2022-01-18 |
| CVE-2021-4146 | Business Logic Errors in pimcore/pimcore — pimcore/pimcore | CWE-840 | 4.3 | - | 2022-01-18 |

This page lists every published CVE security advisory associated with Pimcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.