QSearchQSearch

CVE-2021-39189

5.3 MEDIUM

Pimcore is an open source data & experience management platform

Published: 2021-09-15 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-203, CWE-204

Affected products

VendorProduct
pimcorepimcore

Description

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-5362 An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cau... (5.4 MEDIUM)
  • CVE-2021-39170 Pimcore is an open source data & experience management platform (8.0 HIGH)
  • CVE-2021-39166 Pimcore is an open source data & experience management platform (8.0 HIGH)

Same CWE

  • CVE-2026-11289 Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via... (6.5 MEDIUM)
  • CVE-2026-11284 Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origi... (6.5 MEDIUM)
  • CVE-2026-43926 FOSSBilling is a free, open-source billing and client management system
  • CVE-2026-45294 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework (5.3 MEDIUM)
  • CVE-2026-45620 WWBN AVideo is an open source video platform (5.3 MEDIUM)