{"url":"http://public2.vulnerablecode.io/api/packages/33229?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.5.0","type":"composer","namespace":"pimcore","name":"admin-ui-classic-bundle","version":"1.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.7.16","latest_non_vulnerable_version":"2.3.6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212230?format=json","vulnerability_id":"VCID-2b8z-rbsm-1fbp","summary":"Pimcore includes vulnerable PHPOffice/PhpSpreadsheet","references":[{"reference_url":"https://github.com/advisories/GHSA-ghg6-32f9-2jp7","reference_id":"GHSA-ghg6-32f9-2jp7","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghg6-32f9-2jp7"},{"reference_url":"https://github.com/advisories/GHSA-hq76-662x-7mw4","reference_id":"GHSA-hq76-662x-7mw4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq76-662x-7mw4"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hq76-662x-7mw4","reference_id":"GHSA-hq76-662x-7mw4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hq76-662x-7mw4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33230?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rb-a5d3-3yfb"},{"vulnerability":"VCID-rdf7-crp3-4yet"},{"vulnerability":"VCID-udcm-44p7-a7hm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.5.4"}],"aliases":["GHSA-hq76-662x-7mw4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2b8z-rbsm-1fbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89946?format=json","vulnerability_id":"VCID-31rb-a5d3-3yfb","summary":"Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30166","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"1e-05","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30166"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle","reference_id":"","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/admin-ui-classic-bundle"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30166","reference_id":"","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30166"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e","reference_id":"76b690d4f8fcd9c9d41766bc5238c2513242e60e","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:01:59Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"},{"reference_url":"https://github.com/advisories/GHSA-x82r-6j37-vrgg","reference_id":"GHSA-x82r-6j37-vrgg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x82r-6j37-vrgg"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg","reference_id":"GHSA-x82r-6j37-vrgg","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T13:01:59Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376373?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rdf7-crp3-4yet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.7.6"}],"aliases":["CVE-2025-30166","GHSA-x82r-6j37-vrgg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31rb-a5d3-3yfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57474?format=json","vulnerability_id":"VCID-3n6v-tkmg-ffha","summary":"Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system.  This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41109","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16139","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15997","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41109"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/admin-ui-classic-bundle"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0","reference_id":"afa10bff2f8bfe9c8af7b6b75885bc403f6984f0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:59:38Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41109","reference_id":"CVE-2024-41109","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41109"},{"reference_url":"https://github.com/advisories/GHSA-fx6j-9pp6-ph36","reference_id":"GHSA-fx6j-9pp6-ph36","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx6j-9pp6-ph36"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36","reference_id":"GHSA-fx6j-9pp6-ph36","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:59:38Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40","reference_id":"IndexController.php#L125C24-L125C40","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:59:38Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2","reference_id":"v1.5.2","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:59:38Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32831?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2b8z-rbsm-1fbp"},{"vulnerability":"VCID-31rb-a5d3-3yfb"},{"vulnerability":"VCID-rdf7-crp3-4yet"},{"vulnerability":"VCID-udcm-44p7-a7hm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/686808?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@2.0.0-RC2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rdf7-crp3-4yet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@2.0.0-RC2"}],"aliases":["CVE-2024-41109","GHSA-fx6j-9pp6-ph36"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3n6v-tkmg-ffha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66767?format=json","vulnerability_id":"VCID-rdf7-crp3-4yet","summary":"Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions (e.g., name, key, type, default value) used across documents, assets, and objects to standardize custom attributes and improve editorial workflows, as documented in Pimcore's official properties guide. Testing confirmed that an authenticated backend user without explicit permissions for property management could successfully call the endpoint and retrieve the complete list of these configurations. The vulnerability is fixed in 2.2.3 and 1.7.16.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23495","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"0.00013","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23495"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909","reference_id":"98095949fbeaf11cdf4cadb2989d7454e1b88909","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T17:08:56Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23495","reference_id":"CVE-2026-23495","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23495"},{"reference_url":"https://github.com/advisories/GHSA-hqrp-m84v-2m2f","reference_id":"GHSA-hqrp-m84v-2m2f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqrp-m84v-2m2f"},{"reference_url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f","reference_id":"GHSA-hqrp-m84v-2m2f","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T17:08:56Z/"}],"url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16","reference_id":"v1.7.16","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T17:08:56Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3","reference_id":"v2.2.3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T17:08:56Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37801?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.7.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.7.16"},{"url":"http://public2.vulnerablecode.io/api/packages/37804?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@2.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@2.2.3"}],"aliases":["CVE-2026-23495","GHSA-hqrp-m84v-2m2f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdf7-crp3-4yet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124674?format=json","vulnerability_id":"VCID-udcm-44p7-a7hm","summary":"pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24980","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00853","published_at":"2026-06-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0085","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24980"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pimcore/admin-ui-classic-bundle"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24980"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/pull/808","reference_id":"808","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T21:13:24Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/pull/808"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9","reference_id":"96ae555578c3b4df368092d71e07a6c4ddf8fbe9","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T21:13:24Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/commit/96ae555578c3b4df368092d71e07a6c4ddf8fbe9"},{"reference_url":"https://github.com/advisories/GHSA-vr5f-php7-rg24","reference_id":"GHSA-vr5f-php7-rg24","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vr5f-php7-rg24"},{"reference_url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24","reference_id":"GHSA-vr5f-php7-rg24","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-07T21:13:24Z/"}],"url":"https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-vr5f-php7-rg24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377266?format=json","purl":"pkg:composer/pimcore/admin-ui-classic-bundle@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31rb-a5d3-3yfb"},{"vulnerability":"VCID-rdf7-crp3-4yet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.7.4"}],"aliases":["CVE-2025-24980","GHSA-vr5f-php7-rg24"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udcm-44p7-a7hm"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/pimcore/admin-ui-classic-bundle@1.5.0"}