Pimcore 10.3.3 and prior is vulnerable to stored cross-site scripting. A patch is available on the 10.x branch and will likely be part of version 10.4.0.

Affected Packages

Packagist pimcore/pimcore

Affected versions: 0 (fixed in 10.4.0)

Related CVEs

CVE-2022-0911

Key Information

GHSA ID

GHSA-j29f-m23h-3p8p

Published

March 17, 2022 12:00 AM

Last Modified

March 29, 2022 3:16 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

pimcore/pimcore

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.