CVE-2023-42817
MEDIUM5.4EPSS 0.00%pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
描述
### Impact The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. ### Patches https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch ### Workarounds Update to version 1.1.2 or apply this patches manually https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch
受影響套件(1)
- Packagist/pimcore/admin-ui-classic-bundlefrom 0, < 1.1.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
參考連結(4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-42817
- PATCHhttps://github.com/pimcore/admin-ui-classic-bundle
- WEBhttps://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c
- WEBhttps://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-m988-7375-7g2c