CVE-2025-30166 (GCVE-0-2025-30166)
Vulnerability from cvelistv5 – Published: 2025-04-08 11:07 – Updated: 2025-04-08 13:02
VLAI?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pimcore | admin-ui-classic-bundle |
Affected:
< 1.7.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30166",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:01:59.284422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:02:13.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T11:07:06.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
],
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
},
"title": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30166",
"datePublished": "2025-04-08T11:07:06.672Z",
"dateReserved": "2025-03-17T12:41:42.568Z",
"dateUpdated": "2025-04-08T13:02:13.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-30166\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-04-08T11:15:44.267\",\"lastModified\":\"2025-11-04T18:45:01.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.\"},{\"lang\":\"es\",\"value\":\"El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Un problema de inyecci\u00f3n de HTML permite a los usuarios con acceso a la funci\u00f3n de env\u00edo de correos electr\u00f3nicos inyectar c\u00f3digo HTML arbitrario en los correos enviados a trav\u00e9s de la interfaz de administraci\u00f3n, lo que podr\u00eda provocar el robo de cookies de sesi\u00f3n y la alteraci\u00f3n del contenido de la p\u00e1gina. La vulnerabilidad se descubri\u00f3 en el endpoint /admin/email/send-test-email mediante el m\u00e9todo POST. El par\u00e1metro vulnerable es content, lo que permite la inyecci\u00f3n de c\u00f3digo HTML arbitrario durante el proceso de env\u00edo de correos electr\u00f3nicos. Si bien la inyecci\u00f3n de c\u00f3digo JavaScript se bloquea mediante filtrado, la inyecci\u00f3n de c\u00f3digo HTML sigue siendo posible. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.7.6.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*\",\"versionEndExcluding\":\"1.7.6\",\"matchCriteriaId\":\"78033C5D-9832-46B5-94A2-6F8BD8C895B7\"}]}]}],\"references\":[{\"url\":\"https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30166\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:01:59.284422Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:02:05.566Z\"}}], \"cna\": {\"title\": \"Pimcore\u0027s Admin Classic Bundle allows HTML Injection\", \"source\": {\"advisory\": \"GHSA-x82r-6j37-vrgg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pimcore\", \"product\": \"admin-ui-classic-bundle\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.7.6\"}]}], \"references\": [{\"url\": \"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg\", \"name\": \"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e\", \"name\": \"https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-08T11:07:06.672Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-30166\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T13:02:13.897Z\", \"dateReserved\": \"2025-03-17T12:41:42.568Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-08T11:07:06.672Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-30166
Vulnerability from fkie_nvd - Published: 2025-04-08 11:15 - Updated: 2025-11-04 18:45
Severity ?
Summary
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | admin_classic_bundle | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"matchCriteriaId": "78033C5D-9832-46B5-94A2-6F8BD8C895B7",
"versionEndExcluding": "1.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pimcore\u0027s Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Un problema de inyecci\u00f3n de HTML permite a los usuarios con acceso a la funci\u00f3n de env\u00edo de correos electr\u00f3nicos inyectar c\u00f3digo HTML arbitrario en los correos enviados a trav\u00e9s de la interfaz de administraci\u00f3n, lo que podr\u00eda provocar el robo de cookies de sesi\u00f3n y la alteraci\u00f3n del contenido de la p\u00e1gina. La vulnerabilidad se descubri\u00f3 en el endpoint /admin/email/send-test-email mediante el m\u00e9todo POST. El par\u00e1metro vulnerable es content, lo que permite la inyecci\u00f3n de c\u00f3digo HTML arbitrario durante el proceso de env\u00edo de correos electr\u00f3nicos. Si bien la inyecci\u00f3n de c\u00f3digo JavaScript se bloquea mediante filtrado, la inyecci\u00f3n de c\u00f3digo HTML sigue siendo posible. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.7.6."
}
],
"id": "CVE-2025-30166",
"lastModified": "2025-11-04T18:45:01.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T11:15:44.267",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
CNVD-2025-12127
Vulnerability from cnvd - Published: 2025-06-11
VLAI Severity ?
Title
Pimcore Admin Classic Bundle跨站脚本漏洞
Description
Pimcore Admin Classic Bundle是Pimcore开源的一个Pimcore的核心捆绑包。
Pimcore Admin Classic Bundle存在跨站脚本漏洞,该漏洞源于HTML注入,攻击者可利用该漏洞窃取会话cookie。
Severity
低
Patch Name
Pimcore Admin Classic Bundle跨站脚本漏洞的补丁
Patch Description
Pimcore Admin Classic Bundle是Pimcore开源的一个Pimcore的核心捆绑包。
Pimcore Admin Classic Bundle存在跨站脚本漏洞,该漏洞源于HTML注入,攻击者可利用该漏洞窃取会话cookie。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg
Reference
https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e
Impacted products
| Name | Pimcore Pimcore Admin Classic Bundle |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-30166",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-30166"
}
},
"description": "Pimcore Admin Classic Bundle\u662fPimcore\u5f00\u6e90\u7684\u4e00\u4e2aPimcore\u7684\u6838\u5fc3\u6346\u7ed1\u5305\u3002\n\nPimcore Admin Classic Bundle\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHTML\u6ce8\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u4f1a\u8bddcookie\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-12127",
"openTime": "2025-06-11",
"patchDescription": "Pimcore Admin Classic Bundle\u662fPimcore\u5f00\u6e90\u7684\u4e00\u4e2aPimcore\u7684\u6838\u5fc3\u6346\u7ed1\u5305\u3002\r\n\r\nPimcore Admin Classic Bundle\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eHTML\u6ce8\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u4f1a\u8bddcookie\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Pimcore Admin Classic Bundle\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Pimcore Pimcore Admin Classic Bundle"
},
"referenceLink": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"serverity": "\u4f4e",
"submitTime": "2025-04-18",
"title": "Pimcore Admin Classic Bundle\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
GHSA-X82R-6J37-VRGG
Vulnerability from github – Published: 2025-04-08 14:51 – Updated: 2025-04-08 14:51
VLAI?
Summary
Pimcore's Admin Classic Bundle allows HTML Injection
Details
Summary
An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content.
Details
The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible.
PoC
To reproduce the vulnerability, a user must fill out the email's content form with the desired HTML payload.
Impact
This HTML injection vulnerability can potentially enable phishing attacks by allowing the insertion of any html like fake login forms, etc.
All functionalities that process user input should be carefully reviewed to ensure that data is appropriately encoded as HTML entities in server responses. For instance, a reflected input paramete like <h1> just a test </h1> <p> <img> should be displayed in the HTML response as <h1> just a test </h1> <p> <img>.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pimcore/admin-ui-classic-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-30166"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-08T14:51:41Z",
"nvd_published_at": "2025-04-08T11:15:44Z",
"severity": "LOW"
},
"details": "### Summary\nAn HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content.\n\n### Details\nThe vulnerability was discovered in the `/admin/email/send-test-email` endpoint using the `POST` method. The vulnerable parameter is `content`, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible.\n\n### PoC\nTo reproduce the vulnerability, a user must fill out the email\u0027s content form with the desired HTML payload.\n\n\n### Impact\n\n\nThis HTML injection vulnerability can potentially enable phishing attacks by allowing the insertion of any html like fake login forms, etc.\nAll functionalities that process user input should be carefully reviewed to ensure that data is appropriately encoded as HTML entities in server responses. For instance, a reflected input paramete like `\u003ch1\u003e just a test \u003c/h1\u003e \u003cp\u003e \u003cimg\u003e` should be displayed in the HTML response as `\u0026#x3c;h1\u0026#x3e; just a test \u0026#x3c;/h1\u0026#x3e; \u0026#x3c;p\u0026#x3e; \u0026#x3c;img\u0026#x3e;`.",
"id": "GHSA-x82r-6j37-vrgg",
"modified": "2025-04-08T14:51:41Z",
"published": "2025-04-08T14:51:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30166"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
},
{
"type": "PACKAGE",
"url": "https://github.com/pimcore/admin-ui-classic-bundle"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pimcore\u0027s Admin Classic Bundle allows HTML Injection"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…