57 matches found
CVE-2024-21666 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
GHSA-G273-WPPX-82W4 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...
GHSA-C38C-C8MH-VQ68 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Summary: An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/duplicates/list endpoint allowing an authenticated user without the permissions t...
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Summary: An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/duplicates/list endpoint allowing an authenticated user without the permissions t...
CVE-2023-49076
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...
CVE-2023-49076 Pimcore missing token/header to prevent CSRF
Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5...
PT-2023-31044 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: Pimcore Customer-data-framework versions prior to 4.0.5 Description: The issue allows an attacker to create new customers due to the lack of tokens or headers to prevent CSRF attacks. This can be exploited to manage customer data within...
CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...
CVE-2023-4145 Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2...
CVE-2023-4145
CVE-2023-4145 is a stored XSS vulnerability in pimcore/customer-data-framework present in versions prior to 3.4.2. The issue stems from cross-site scripting in the Customer Data Framework that could be triggered via HTML injection in emails, potentially allowing an attacker to influence a victim’...
PT-2023-27953 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: pimcore/customer-data-framework versions prior to 3.4.2 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which can be exploited by an attacker to trick victims into clicking on malicious hyperlinks, potentially leading ...
Pimcore customer-data-framework Cross-Site Scripting Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...
CVE-2023-3574 Improper Authorization in pimcore/customer-data-framework
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1...
CVE-2023-3574
CVE-2023-3574: The issue affects pimcore/customer-data-framework prior to 3.4.1, where improper authorization checks allow an unauthorized actor to access resources or perform actions. The Red Hat/Veracode/GHSA entries corroborate the same vulnerability description. A patch is available: upgrade...
Pimcore Security Vulnerability
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore...
PT-2023-25293 · Pimcore · Pimcore/Customer-Data-Framework
Name of the Vulnerable Software and Affected Versions: pimcore/customer-data-framework versions prior to 3.4.1 Description: The product performs authorization checks incorrectly, allowing an unauthorized actor to access resources or perform actions. This enables the attacker to view and freely ad...