pimcore — Vulnerabilities & Security Advisories (135)

Browse all 135 CVE security advisories affecting pimcore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pimcore is an open-source digital experience platform primarily used for product information management and digital asset management. Its architecture, built on Symfony, exposes it to typical web application vulnerabilities. Historical Common Vulnerabilities and Exposures records indicate a prevalence of remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within its content management modules. While no single catastrophic breach has defined its public history, the high volume of disclosed CVEs suggests persistent challenges in securing its complex feature set. Security assessments frequently highlight risks related to outdated dependencies and configuration errors. Organizations deploying this platform must prioritize rigorous patch management and continuous vulnerability scanning to mitigate the inherent risks associated with its extensive functionality and frequent updates.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-2343 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2342 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2341 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2340 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2339 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2338 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 8.8 | - | 2023-04-27 |
| CVE-2023-2336 | Path Traversal in pimcore/pimcore | pimcore/pimcore | CWE-22 | 6.5 | - | 2023-04-27 |
| CVE-2023-2328 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2327 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2323 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-2322 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-04-27 |
| CVE-2023-28850 | Pimcore Perspective Editor vulnerable to Cross-site Scripting in perspective name | perspective-editor | CWE-79 | 6.1 | Medium | 2023-04-03 |
| CVE-2023-1701 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-29 |
| CVE-2023-1702 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-29 |
| CVE-2023-1703 | Cross-site Scripting (XSS) - Generic in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-29 |
| CVE-2023-1704 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-29 |
| CVE-2023-28438 | Pimcore vulnerable to improper quoting of filters in Custom Reports | pimcore | CWE-89 | 6.2 | Medium | 2023-03-22 |
| CVE-2023-1578 | SQL Injection in pimcore/pimcore | pimcore/pimcore | CWE-89 | 8.8 | - | 2023-03-22 |
| CVE-2023-28429 | Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field | pimcore | CWE-79 | 6.1 | Medium | 2023-03-20 |
| CVE-2023-1515 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-20 |
| CVE-2023-1517 | Cross-site Scripting (XSS) - DOM in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-20 |
| CVE-2023-28108 | Pimcore has improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model | pimcore | CWE-89 | 7.9 | High | 2023-03-16 |
| CVE-2023-28106 | Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type | pimcore | CWE-79 | 6.1 | Medium | 2023-03-16 |
| CVE-2023-1429 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-16 |
| CVE-2023-1312 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-10 |
| CVE-2023-1286 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-09 |
| CVE-2023-1115 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-01 |
| CVE-2023-1116 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-01 |
| CVE-2023-1117 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-03-01 |
| CVE-2023-1067 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | pimcore/pimcore | CWE-79 | 5.4 | - | 2023-02-27 |

This page lists every published CVE security advisory associated with pimcore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.