CVE-2023-4145 – Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
• https://github.com/miguelc49/CVE-2023-4145-3
• https://github.com/miguelc49/CVE-2023-4145-2
• https://github.com/miguelc49/CVE-2023-4145-1
• https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2
• https://huntr.dev/bounties/ce852777-2994-40b4-bb4e-c4d10023eeb0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2881 – Storing Passwords in a Recoverable Format in pimcore/customer-data-framework
https://notcve.org/view.php?id=CVE-2023-2881
Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.
• https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6
• https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416
• CWE-257: Storing Passwords in a Recoverable Format
• CWE-522: Insufficiently Protected Credentials