Stored XSS in print Generate and Preview PDF in pimcore/pimcore
Valid
Reported on Feb 28th 2023
Hi Team,
On the Pimcore dev URL https://11.x-dev.pimcore.fun/admin/ I found one stored XSS in Generate and Preview PDF. The author field and title field are vulnerable to XSS.
Steps to reproduce
- Log in to the dev URL https://11.x-dev.pimcore.fun/admin/
- Add a print container page in Documents
- Insert this XSS payload in the author and title fields:
;1lblah"<iframe/onload=confirm(document.domain);></i>"
- Then Save and Publish > click Generate PDF > then cancel the PDF and save and publish the container page
- Log out and log back in to the account
- Go to the print container page and open Generate and Preview PDF; you can see the XSS get executed
Video Proof: https://drive.google.com/file/d/1Pw6ew2N_n_TfiCHI0OOCxGOHsfEHMPmt/view?usp=sharing
PoC: https://drive.google.com/file/d/17TvYStMn9XXMPY1QC9HDbGqfWzmwSvSq/view?usp=sharing
Impact
Stored XSS leads to stealing cookies and other information of other users.
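The root cause the report describes is that the stored author and title values reach the print/preview HTML without output encoding. The following is an added illustration, not Pimcore's own code (its real templates are PHP/Twig): the unescaped rendering beside the entity-encoded form, plus a regression check a maintainer could keep in a test suite, exercised with the payload quoted above.

```python
import html
import re

# Payload quoted in the report above; embedded here only as test input.
REPORT_PAYLOAD = ';1lblah"<iframe/onload=confirm(document.domain);></i>"'


def render_print_header_vulnerable(title: str, author: str) -> str:
    """Builds the title/author block of a print page the way the report implies:
    the stored field values are concatenated into the HTML verbatim, so a stored
    payload becomes live markup when the preview or PDF HTML is rendered."""
    return f'<h1 class="title">{title}</h1><p class="author">{author}</p>'


def render_print_header_escaped(title: str, author: str) -> str:
    """Hardened form: every field value is HTML-entity encoded (quotes included)
    before it is placed into element content, so the browser or PDF engine shows
    the text literally instead of interpreting it as a tag or event handler."""
    return (f'<h1 class="title">{html.escape(title, quote=True)}</h1>'
            f'<p class="author">{html.escape(author, quote=True)}</p>')


# Any tag other than the template's own <h1>/<p> (and their closing tags) can only
# have come from a field value, which is exactly the condition a regression test
# for this bug should flag.
_FOREIGN_TAG_RE = re.compile(r'<(?!/?(?:h1|p)\b)[^>]+>', re.IGNORECASE)


def introduces_markup(rendered: str) -> bool:
    """True if the rendered block contains markup that did not come from the template."""
    return _FOREIGN_TAG_RE.search(rendered) is not None


if __name__ == "__main__":
    print("vulnerable:", introduces_markup(render_print_header_vulnerable("Doc", REPORT_PAYLOAD)))
    print("escaped:   ", introduces_markup(render_print_header_escaped("Doc", REPORT_PAYLOAD)))
```

The same check applies wherever the field is inserted into an attribute or a script context, but there entity encoding alone is not sufficient and a context-specific encoder is needed.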
We are processing your report and will contact the pimcore team within 24 hours.
a month ago
We have contacted a member of the pimcore team and are waiting to hear back.
a month ago
Thank you very much for reporting the issue, we've added this to our sprint and will update you asap :)
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7