Lucene search

Pimcore Customer Data Framework Security Vulnerabilities

cve

CVE-2023-49076

Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version...

6.5CVSS

6.4AI Score

0.001EPSS

2023-11-30 06:15 AM

cve

CVE-2023-4145

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to...

5.4CVSS

5.3AI Score

0.001EPSS

2023-08-03 05:15 PM

cve

CVE-2023-3574

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to...

6.5CVSS

6.2AI Score

0.001EPSS

2023-07-10 04:15 PM

cve

CVE-2023-2881

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to...

4.9CVSS

5.2AI Score

0.001EPSS

2023-05-25 09:15 AM

cve

CVE-2023-2756

SQL Injection in GitHub repository pimcore/customer-data-framework prior to...

7.2CVSS

7AI Score

0.001EPSS

2023-05-17 11:15 AM

cve

CVE-2023-2629

Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to...

7.8CVSS

6AI Score

0.001EPSS

2023-05-10 04:15 PM

cve

CVE-2021-31867

Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the...

7.5CVSS

8AI Score

0.002EPSS

2021-08-04 11:15 PM