aryaantony92

15 exploits, active since Apr 2022
CVE-2022-1339 WRITEUP HIGH WRITEUP
Pimcore < 10.3.5 - SQL Injection
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing data.
CVSS 7.5
CVE-2023-1701 WRITEUP MEDIUM WRITEUP
pimcore <10.5.20 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS 5.4
CVE-2023-1702 WRITEUP MEDIUM WRITEUP
pimcore <10.5.20 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVSS 5.4
CVE-2023-2322 WRITEUP MEDIUM WRITEUP
pimcore <10.5.21 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2323 WRITEUP MEDIUM WRITEUP
pimcore <10.5.21 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2332 WRITEUP MEDIUM WRITEUP
pimcore <10.5.19 - XSS
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
CVSS 4.8
CVE-2023-2614 WRITEUP MEDIUM WRITEUP
pimcore <10.5.21 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVSS 5.4
CVE-2023-2881 WRITEUP MEDIUM WRITEUP
pimcore/customer-data-framework <3.3.10 - Info Disclosure
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
CVSS 4.9
CVE-2023-37280 WRITEUP MEDIUM WRITEUP
Pimcore Admin Classic Bundle < 1.0.3 - XSS
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two-factor authentication before is vulnerable to this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
CVSS 5.0
CVE-2023-3821 WRITEUP MEDIUM WRITEUP
pimcore <10.6.4 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS 5.4
CVE-2023-3822 WRITEUP MEDIUM WRITEUP
pimcore <10.6.4 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.
CVSS 6.1
CVE-2023-4145 WRITEUP MEDIUM WRITEUP
Pimcore Customer Data Framework < 3.4.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVSS 5.4
CVE-2023-46722 WRITEUP MEDIUM WRITEUP
Pimcore Admin Classic Bundle <1.2.0 - XSS
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS 6.1
CVE-2023-46722 WRITEUP MEDIUM WRITEUP
Pimcore Admin Classic Bundle <1.2.0 - XSS
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS 6.1
CVE-2023-5873 WRITEUP MEDIUM WRITEUP
Pimcore < 11.1.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.
CVSS 5.4