Vulnerabilities in pimcore
135 resultsCVE-2023-1517MEDIUMCross-site Scripting (XSS) - DOM in pimcore/pimcoreEPSS 0.4%CVE-2023-1117MEDIUMCross-site Scripting (XSS) - Stored in pimcore/pimcoreEPSS 0.4%CVE-2026-23493HIGHPimcore ENV Variables and Cookie Informations are exposed in http_error_logEPSS 0.4%CVE-2023-2343MEDIUMCross-site Scripting (XSS) - DOM in pimcore/pimcoreEPSS 0.4%CVE-2023-2332MEDIUMStored Cross-site Scripting (XSS) in pimcore/pimcoreEPSS 0.4%CVE-2023-1515MEDIUMCross-site Scripting (XSS) - Stored in pimcore/pimcoreEPSS 0.3%CVE-2026-5394HIGHPimcore Platform v12.3.3 - SQL Injection in DataObject composite index handlingEPSS 0.3%CVE-2023-5873MEDIUMCross-site Scripting (XSS) - Stored in pimcore/pimcoreEPSS 0.3%CVE-2026-23495MEDIUMPimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" ListingEPSS 0.3%CVE-2023-42817MEDIUMCross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translationsEPSS 0.3%CVE-2026-23494MEDIUMPimcore is Missing Function Level Authorization on "Static Routes" ListingEPSS 0.3%CVE-2026-23496MEDIUMPimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level AuthorizationEPSS 0.3%CVE-2023-49076MEDIUMPimcore missing token/header to prevent CSRFEPSS 0.3%CVE-2025-30166LOWPimcore's Admin Classic Bundle allows HTML InjectionEPSS 0.2%CVE-2026-5362MEDIUMPimcore Platform v12.3.3 - Stored XSS in Document Editable Embed renderingEPSS 0.2%