GCVE - cpe:2.3:a:pimcore:pimcore/customer-data-framework:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pimcore:pimcore/customer-data-framework:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pimcore (`115a8b86-56a6-5ce9-b491-b05cfe687e20`)
Product	Pimcore/Customer Data Framework (`f87cfc29-9670-5172-ad0a-f51ff6548522`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4145`	vulnerable	2026-06-03 14:53:27.377531	Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework MEDIUM (6.5) Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Published: 2023-08-03T16:04:11.248Z Updated: 2024-10-11T18:18:22.385Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0 https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3574`	vulnerable	2026-06-03 14:52:41.212349	Improper Authorization in pimcore/customer-data-framework MEDIUM (6.3) Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Published: 2023-07-10T08:48:31.650Z Updated: 2024-10-30T14:35:46.384Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/1dcb4f01-e668-4aa3-a6a3-838532e500c6 https://github.com/pimcore/customer-data-framework/commit/f15668c86db254e86ba7ac895bc3cdd1a2a3cc45	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2881`	vulnerable	2026-06-03 14:51:44.600984	Storing Passwords in a Recoverable Format in pimcore/customer-data-framework MEDIUM (6.7) Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Published: 2023-05-25T00:00:00.000Z Updated: 2025-01-16T15:15:04.522Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416 https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2756`	vulnerable	2026-06-03 14:51:43.830189	SQL Injection in pimcore/customer-data-framework MEDIUM (6.5) SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Published: 2023-05-17T00:00:00.000Z Updated: 2025-01-22T18:08:00.855Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/cf398528-819f-456e-88e7-c06d268d3f44 https://github.com/pimcore/customer-data-framework/commit/76df151737b7964ce5169fdf9e27a0ad801757fe	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2629`	vulnerable	2026-06-03 14:51:43.547665	Improper Neutralization of Formula Elements in a CSV File in pimcore/customer-data-framework MEDIUM (5) Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. Published: 2023-05-10T00:00:00.000Z Updated: 2025-01-27T19:40:22.120Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/821ff465-4754-42d1-9376-813c17f16a01 https://github.com/pimcore/customer-data-framework/commit/4e0105c3a78d20686a0c010faef27d2297b98803	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Pimcore/Customer Data Framework

PURL mappings

Vulnerability references

Contribute