CVE-2023-4145 MEDIUM

CVE-2023-4145: Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Vendor Pimcore
Product pimcore/customer-data-framework
Weakness CWE-79 · XSS
Published August 3, 2023
Last update October 11, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.

Key dates

02Disclosure timeline

August 3, 2023 CVE published
October 11, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-8720 RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32189 WordPress BWD Elementor Addons plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-9372 WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2024-36147 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)