The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user.
The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box.
https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch
Update to version 1.1.2 or apply this patches manually
https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch
| Score | Percentile |
|---|---|
| 0.00% | 0.14% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.4 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-m988-7375-7g2c ↗ |
| CVE | CVE-2023-42817 ↗ |
| CWE id | Name |
|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| composer | pimcore/admin-ui-classic-bundle | < 1.1.2 | 1.1.2 | — |