Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-42817
HistorySep 25, 2023 - 7:15 p.m.

Code injection

2023-09-2519:15:00
PRIOn knowledge base
www.prio-n.com
5
code injection
pimcore
admin ui

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit abd77392 which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually.

CPENameOperatorVersion
admin_classic_bundlelt1.1.2

Related

nvd 1
veracode 1
github 1
osv 2
cvelist 1
cve 1
nvd
nvd
CVE-2023-42817
2023-09-25 19:15:10
veracode
veracode
Cross-site Scripting
2023-09-27 08:01:37
github
github
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
2023-09-25 17:34:11
osv
osv
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
2023-09-25 17:34:11
CVE-2023-42817
2023-09-25 19:15:10
cvelist
cvelist
CVE-2023-42817 Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
2023-09-25 18:57:33
cve
cve
CVE-2023-42817
2023-09-25 19:15:10

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for PRION:CVE-2023-42817
nvd1veracode1github1osv2cvelist1cve1