Vulnerability Description
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Admin Classic Bundle | < 1.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8Patch
- https://github.com/pimcore/admin-ui-classic-bundle/pull/147Patch
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9Vendor Advisory
- https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8Patch
- https://github.com/pimcore/admin-ui-classic-bundle/pull/147Patch
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9Vendor Advisory
FAQ
What is CVE-2023-37280?
CVE-2023-37280 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for...
How severe is CVE-2023-37280?
CVE-2023-37280 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-37280?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Admin Classic Bundle.