CVE-2023-37280

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-37280

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37280.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-37280

Aliases

GHSA-hqv9-6jqw-9g8m

Published

2023-07-11T19:15:09Z

Modified

2024-05-14T12:57:19.403377Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.

References

Affected packages

Git / github.com/pimcore/admin-ui-classic-bundle

Affected ranges

Type: GIT
Repo: https://github.com/pimcore/admin-ui-classic-bundle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743

Affected versions

v1.*

v1.0.0

v1.0.0-BETA1

v1.0.0-RC1

v1.0.0-RC2

v1.0.1

v1.0.2