Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks, so an attacker could abuse this vulnerability to create new customers. This issue has been patched in version...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to...
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to...
CVSS: 6.5 | AI Score: 6.2 | EPSS: 0.001
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to...
CVSS: 4.9 | AI Score: 5.2 | EPSS: 0.001
CVSS: 7.2 | AI Score: 7 | EPSS: 0.001
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to...
CVSS: 7.8 | AI Score: 6 | EPSS: 0.001
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.002