What the vulnerability does
01Description
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
CVSS base score
7.6/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Key dates
02Disclosure timeline
February 12, 2022
CVE published
November 19, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-22684 WordPress WP BASE Booking plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2020-36523 PlantUML Database Information Macro cross site scripting
CVE-2023-49181 WordPress WP Event Manager Plugin <= 3.1.40 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-45607 WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2026-45665 Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order
