Customer Management Framework
CVE-2023-4145
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
AnalysisAI
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Affected products include: Pimcore Customer Management Framework. Version information: prior to 3.4.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated high severity (CVSS 7.2), this
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severi
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated me
pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. Rat
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, perso
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today