Limenet

**Name of the Vulnerable Software and Affected Versions** Pimcore admin-ui-classic-bundle versions prior to 1.1.2 **Description** The translation value with text including `%s` (from `%suggest%`) is parsed by `sprintf()` even though it's supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. **Recommendations** Update to version 1.1.2 or apply the patch manually. As a temporary workaround, consider restricting access to the translation module to minimize the risk of exploitation.