GHSA-m988-7375-7g2c

GitHub Security Advisory

pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
A translation value whose text includes “%s” (for example, as part of “%suggest%”) is parsed by sprintf() even though it is supposed to be output literally to the user.

Translations may be accessible to a user with comparatively low overall access (the translation permission cannot be scoped to certain “modules”), and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box.
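
The parsing problem described above, as an added example that is not code from Pimcore or from the patch: it contrasts using a stored translation as the format string with passing it as data, and lists catalogue entries a formatter would reinterpret. `miniSprintf`, `htmlEncode`, the render functions and the sample catalogue are hypothetical, and the HTML-encoding step is an assumed mitigation for the dialog output.

```javascript
// Added illustration. miniSprintf is a hypothetical stand-in for a
// sprintf()-style helper; it supports only %s and %%.
function miniSprintf(format, ...args) {
  let next = 0;
  return format.replace(/%([s%])/g, (_match, spec) =>
    // A missing argument renders as "undefined", which corrupts the output.
    spec === "%" ? "%" : String(args[next++])
  );
}

// Assumed output step: encode text before it is placed into dialog HTML.
function htmlEncode(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed pattern: the stored translation itself is the format string,
// so the "%s" inside "%suggest%" is consumed as a conversion.
function renderAsFormat(translation) {
  return miniSprintf(translation);
}

// Safer pattern: fixed format string, translation passed as data, then encoded.
function renderLiteral(translation) {
  return htmlEncode(miniSprintf("%s", translation));
}

// Review aid: list catalogue keys whose values a formatter would reinterpret.
function findFormatSpecifiers(catalogue) {
  return Object.keys(catalogue).filter((key) => /%s/.test(catalogue[key]));
}

// Constructed sample catalogue (not real Pimcore translation keys).
const sampleCatalogue = {
  search_hint: "Did you mean %suggest%?",
  save_ok: "Saved successfully",
  markup: "<b>100% done</b>",
};
```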

### Patches
https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch

### Workarounds
Update to version 1.1.2 or apply this patch manually:
https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c.patch

Affected Packages

Packagist pimcore/admin-ui-classic-bundle
Affected versions: 0 (fixed in 1.1.2)

Related CVEs

Key Information

GHSA ID: GHSA-m988-7375-7g2c
Published: September 25, 2023 5:34 PM
Last Modified: September 26, 2023 1:57 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Packagist
Primary Package: pimcore/admin-ui-classic-bundle
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 10, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.