{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T11:10:52.793","vulnerabilities":[{"cve":{"id":"CVE-2021-39170","sourceIdentifier":"security-advisories@github.com","published":"2021-09-01T14:15:08.023","lastModified":"2024-11-21T06:18:46.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually."},{"lang":"es","value":"Pimcore es una plataforma de administración de datos y experiencias de código abierto. En versiones anteriores a 10.1.2, un usuario autenticado podía añadir código de tipo XSS como valor de los metadatos personalizados en los activos. Se presenta un parche para este problema en Pimcore versión 10.1.2. Como solución, los usuarios pueden aplicar el parche manualmente"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.2","matchCriteriaId":"B1FE0080-132D-47C2-BD84-651B57DC3D99"}]}]}],"references":[{"url":"https://github.com/pimcore/pimcore/pull/10178","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pimcore/pimcore/pull/10178.patch","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/pimcore/pimcore/pull/10178","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pimcore/pimcore/pull/10178.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}