Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Valid

Reported on

Feb 7th 2022


Description

Cross-site scripting vulnerability in a pimcore/pimcore field. It is fixed in commit 832c34, but XSS is still executing in the Icon field in Events and News.

Proof of Concept

1. Log in to the demo account https://10.x-dev.pimcore.fun/admin/

2. Go to Settings --> Data Objects --> Classes --> Events icon field --> add the payload and click Save.

3. Go to the Data Objects tab, which is located at the bottom, go to the Events folder and expand it; the alert will trigger.

payload = "><iMg SrC="x" oNeRRor="alert(1);">

Impact

This vulnerability can be used to steal the user's cookie.
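The sketch below is an added example, not pimcore's code or its fix. It assumes the stored icon value is concatenated into an `img` `src` attribute when the tree is rendered, and shows why the reported payload breaks out of that attribute, how output encoding keeps it inert, and how a save-time allow-list rejects it. All function names, the markup and the path policy are hypothetical.

```javascript
// Added illustration; the markup shape and every name here are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can terminate an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function renderIconUnsafe(icon) {
  return '<img class="tree-icon" src="' + icon + '">';
}

// Hardened pattern: the stored value is encoded at output time.
function renderIconSafe(icon) {
  return '<img class="tree-icon" src="' + escapeHtml(icon) + '">';
}

// Save-time check (hypothetical policy): a site-relative path to an image file.
const ICON_PATH = /^\/[A-Za-z0-9_.\-\/]+\.(svg|png|gif|jpe?g)$/i;
function isAllowedIconPath(icon) {
  return typeof icon === 'string' && ICON_PATH.test(icon) && !icon.includes('..');
}

// Rough count of element start tags an HTML parser would see in the markup.
function countTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Payload as given in the report; the valid path is a constructed sample.
const payload = '"><iMg SrC="x" oNeRRor="alert(1);">';
const validIcon = '/static/icons/event.svg';

console.log('unsafe:', renderIconUnsafe(payload), 'tags =', countTags(renderIconUnsafe(payload)));
console.log('safe:  ', renderIconSafe(payload), 'tags =', countTags(renderIconSafe(payload)));
console.log('allow-list accepts payload?', isAllowedIconPath(payload));
console.log('allow-list accepts sample? ', isAllowedIconPath(validIcon));
```

Encoding at output and validating at save are complementary: the allow-list stops the value being stored, and the encoding covers values that were stored before the check existed.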

We are processing your report and will contact the pimcore team within 24 hours. a year ago
Asura-N modified the report a year ago
Asura-N modified the report a year ago
We have contacted a member of the pimcore team and are waiting to hear back a year ago
We have sent a follow up to the pimcore team. We will try again in 7 days. a year ago
We have sent a second follow up to the pimcore team. We will try again in 10 days. a year ago
Divesh Pahuja modified the report a year ago
Divesh Pahuja validated this vulnerability a year ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
We have sent a fix follow up to the pimcore team. We will try again in 7 days. a year ago
We have sent a second fix follow up to the pimcore team. We will try again in 10 days. a year ago
We have sent a third and final fix follow up to the pimcore team. This report is now considered stale. a year ago
Divesh Pahuja marked this as fixed in 10.4.0 with commit 6e0922 a year ago
Divesh Pahuja has been awarded the fix bounty
This vulnerability will not receive a CVE