Hand-Picked Top-Read Stories

g5-cyber-security-post-cover-dark-blue-v1 - Blog - G5 Cyber Security

CVE-2018-14059 – Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Ima

March 4, 2022

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14059

Reference (s):

EXPLOIT-DB:45208
URL: https://www.exploit-db.com/exploits/45208/
FULLDISC:20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore
URL: http://seclists.org/fulldisclosure/2018/Aug/13
http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html

CVEs

CVE-2018-1404 – IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6

March 4, 2022

CVEs

CVE-2018-14062 – The COSPAS-SARSAT protocol allows remote attackers to forge messages, rep

March 4, 2022

Hand-Picked Top-Read Stories

Andrew Wheatley | The artificial intelligence and data protection conundrum

Delroy McLean | Dealing with cybersecurity

Historic Cyber workshop for the Caribbean

Trending Tags

CVE-2018-14059 – Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Ima

Previous Post

CVE-2018-1404 – IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6

Next Post

CVE-2018-14062 – The COSPAS-SARSAT protocol allows remote attackers to forge messages, rep

CVE-2018-14059 – Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Ima

Previous Post

Next Post

Related Posts