What the vulnerability does
01Description
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
CVE-2022-3211
MEDIUM
CVE-2022-3211: Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVSS base score
5.8/10
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Key dates
02Disclosure timeline
September 15, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica
CVE-2025-9237 CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting
CVE-2022-44473 AEM Reflected XSS Arbitrary code execution
CVE-2026-34429 Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename
CVE-2026-2481 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]'
