QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14059

Published: Aug 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html

x_refsource_MISC

https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.