Количество 2
Количество 2
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.
GHSA-m988-7375-7g2c
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-42817 Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| GHSA-m988-7375-7g2c pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу