CVE-2021-39166
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-39166
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39166.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-39166
- Aliases
- Published
- 2021-09-01T14:15:07Z
- Modified
- 2024-05-14T10:35:24.421724Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2.
- References
Affected packages
Git / github.com/pimcore/pimcore
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pimcore/pimcore
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.2.0
2.2.1
2.2.2
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
v10.*
v10.0.0
v10.0.0-BETA1
v10.0.0-BETA2
v10.0.0-BETA3
v10.0.0-BETA4
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v10.1.0
v10.1.1
v5.*
v5.0.0
v5.0.0-RC
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-alpha
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.3
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.4.0
v6.4.1
v6.4.2
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.2
v6.7.3
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6