PT-2023-28604 · Pimcore · Admin Classic Bundle

Limenet · Published 2023-09-25 · Updated 2023-09-26 · CVE-2023-42817

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pimcore admin-ui-classic-bundle versions prior to 1.1.2

Description: A translation value whose text contains %s (for example, from the %suggest% placeholder) is parsed by sprintf() even though it is supposed to be output literally to the user. The translations may be accessible to a user with comparatively low overall access, and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box.

Recommendations: Update to version 1.1.2 or apply the patch manually. As a temporary workaround, consider restricting access to the translation module to minimize the risk of exploitation.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2023-42817, GHSA-M988-7375-7G2C

Affected Products: Admin Classic Bundle