CVE-2023-4145

Name of the Vulnerable Software and Affected Versions pimcore/customer-data-framework versions prior to 3.4.2

Description The issue is related to Cross-site Scripting (XSS) - Stored, which can be exploited by an attacker to trick victims into clicking on malicious hyperlinks, potentially leading to damage and unauthorized access to user logins. This can occur through HTML injection in emails, allowing attackers to redirect victims to malicious sites or host XSS pages.

Recommendations Update to version 3.4.2 or apply the patch manually from https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch to resolve the issue. As a temporary workaround, consider applying the patch manually to mitigate the risk of exploitation.