Vulnerabilities > Pimcore > Customer Data Framework > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-4145 | Cross-site Scripting vulnerability in Pimcore Customer Data Framework Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. | 5.4 |
| 2023-05-25 | CVE-2023-2881 | Insufficiently Protected Credentials vulnerability in Pimcore Customer-Data-Framework Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | 4.9 |