XSS in Pimcore Admin-ui-classic-bundle
CVE-2023-37280
Pimcore Admin Classic Bundle provides a backend UI for Pimcore based on the ExtJS framework. An admin who has not set up two-factor authentication beforehand is vulnerable to this attack, without the attacker needing any form of privilege, causing the app…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (5.2th percentile).
CVSS v3 metrics
CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Pimcore Admin-ui-classic-bundle — versions < 1.0.3
Weakness classification (CWE)
References
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-hqv9-6jqw-9g8m (x_refsource_CONFIRM)
- https://github.com/pimcore/admin-ui-classic-bundle/pull/147 (x_refsource_MISC)
- https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-37280?
- CVE-2023-37280 is a medium-severity vulnerability in Pimcore Admin-ui-classic-bundle, classified under Cross-site Scripting. CVSS score: 5.0/10. Published 2023-07-11.
- How severe is CVE-2023-37280?
- Medium severity. CVSS v3 base score is 5.0 out of 10.