6 matches found
EUVD-2023-2672
Malicious code in bioql PyPI...
CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
CVE-2023-5844 Unverified Password Change in pimcore/admin-ui-classic-bundle
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0...
Cross-site Scripting
pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting. The vulnerability is due to the sprintf function in functions.js, which does not perform any escaping or sanitization of the subst and str values themselves. This can lead to Cross-Site Scripting vulnerabilities if the str is later...
Cross-site Scripting (XSS)
pimcore/admin-ui-classic-bundle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists if an admin user has not set up 2-factor authentication in twofactorsetup.html.twig, which allows an attacker to inject and execute malicious HTML or JavaScript through the /admin/login/2fa-setup...