4 matches found
CVE-2023-42817
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...
CVE-2023-42817
creationtimestamp| type| source ---|---|--- 2023-09-25 22:39:31+00:00| seen| https://t.me/cibsecurity/71009...
CVE-2023-42817 Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations
Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...
CVE-2023-42817
Pimcore admin-ui-classic-bundle translations are vulnerable to Cross-site Scripting due to a translation string containing “%s” being parsed by sprintf(), allowing potential injection in dialog boxes. Affected versions: prior to 1.1.2. Root cause: unsanitized translation parsing. Remediation: upg...