Reflected XSS in Application Logger module in pimcore/pimcore

Valid

Reported on

Mar 1st 2023

Description

pimcore is vulnerable to Reflected XSS at From and To fields when searching in the Application Logger module.

Payload

"><img src=x onerror=alert(document.domain);>

Proof of Concept

1.Go to https://demo.pimcore.fun/admin/ and login.
2.In the left menu bar, go to Tools -> Application Logger.
3.In the Application Logger tab, on the right Search form, input the payload "><img src=x onerror=alert(document.domain);> into the From and To fields. You will see the XSS popup triggers.

Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

We are processing your report and will contact the pimcore team within 24 hours. a month ago

KhanhCM modified the report

a month ago

We have contacted a member of the pimcore team and are waiting to hear back a month ago

A pimcore/pimcore maintainer has acknowledged this report 25 days ago

Divesh Pahuja validated this vulnerability 21 days ago

KhanhCM has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Divesh Pahuja marked this as fixed in 10.5.19 with commit d35d07 21 days ago

Divesh Pahuja has been awarded the fix bounty

This vulnerability has been assigned a CVE

Divesh Pahuja published this vulnerability 21 days ago

KhanhCM

commented 21 days ago

Researcher

Thank you, @dvesh3.
Can you acknowledge and review my other report here? https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/ I reported it before this report but it has not been acknowledged yet.

to join this conversation