What the vulnerability does
01Description
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0911
MEDIUM
CVE-2022-0911: Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVSS base score
6.8/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
March 16, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-13505 Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question
CVE-2025-4172 VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2021-24932 Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
CVE-2018-16474
