Move new vulnerability to vulnerabilities/AIKIDO-2025-10427.json and reset new.json template

github-actions[bot] · github-actions[bot] · commit 2e005929adb9 · 2025-07-01T08:43:26.000Z
diff --git a/input/new.json b/input/new.json
@@ -1,24 +1,15 @@
 {
-  "package_name": "pimcore/admin-ui-classic-bundle",
-  "patch_versions": [
-    "2.1.0"
-  ],
-  "vulnerable_ranges": [
-    [
-      "2.0.0",
-      "2.0.2"
-    ]
-  ],
-  "cwe": [
-    "CWE-79"
-  ],
-  "tldr": "Affected versions of this package are vulnerable to stored Cross-Site Scripting (XSS) due to improper HTML encoding of user-controlled parameters in the email log interface. Attackers can exploit this vulnerability by injecting malicious HTML or JavaScript into email template variables. When administrators view the email log, the malicious payload executes in their session, which can lead to session hijacking, data theft, or compromise of the admin account.",
-  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
-  "how_to_fix": "Upgrade the `pimcore/admin-ui-classic-bundle` library to the patch version.",
-  "vulnerable_to": "Cross-Site Scripting (XSS)",
+  "package_name": "",
+  "patch_versions": [],
+  "vulnerable_ranges": [],
+  "cwe": [],
+  "tldr": "",
+  "doest_this_affect_me": "",
+  "how_to_fix": "",
+  "vulnerable_to": "",
   "related_cve_id": "",
-  "language": "PHP",
-  "severity_class": "HIGH",
-  "aikido_score": 81,
-  "changelog": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.1.0"
+  "language": "",
+  "severity_class": "",
+  "aikido_score": 0,
+  "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2025-10427.json b/vulnerabilities/AIKIDO-2025-10427.json
@@ -0,0 +1,26 @@
+{
+  "package_name": "pimcore/admin-ui-classic-bundle",
+  "patch_versions": [
+    "2.1.0"
+  ],
+  "vulnerable_ranges": [
+    [
+      "2.0.0",
+      "2.0.2"
+    ]
+  ],
+  "cwe": [
+    "CWE-79"
+  ],
+  "tldr": "Affected versions of this package are vulnerable to stored Cross-Site Scripting (XSS) due to improper HTML encoding of user-controlled parameters in the email log interface. Attackers can exploit this vulnerability by injecting malicious HTML or JavaScript into email template variables. When administrators view the email log, the malicious payload executes in their session, which can lead to session hijacking, data theft, or compromise of the admin account.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `pimcore/admin-ui-classic-bundle` library to the patch version.",
+  "vulnerable_to": "Cross-Site Scripting (XSS)",
+  "related_cve_id": "",
+  "language": "PHP",
+  "severity_class": "HIGH",
+  "aikido_score": 81,
+  "changelog": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.1.0",
+  "last_modified": "2025-07-01",
+  "published": "2025-07-01"
+}
