CVE-2022-0894 HIGH

CVE-2022-0894: Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vendor Pimcore
Product pimcore/pimcore
Weakness CWE-79 · XSS
Published March 15, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Key dates

02Disclosure timeline

March 15, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-8627 Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-4716 Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers CVE-2024-1498 Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget CVE-2025-1597 SourceCodester Best Church Management Software redirect.php cross site scripting