Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Valid

Reported on

Feb 27th 2022


Description

pimcore is vulnerable to stored XSS via the Key field in the Navigation & Properties tab of a Document page.

Payload

"><img src=x onerror=alert(1);>

Steps to reproduce

1. Go to https://demo.pimcore.fun/admin/ and log in.
2. Click any document (Home, de, ...) in the Documents panel.
3. Go to the Navigation & Properties tab and, in the Key column, enter the payload "><img src=x onerror=alert(1);> into the Key field of any record.
The XSS popup then triggers.

Impact

This vulnerability can be used to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
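The following is an added illustration of the bug class behind this report; it is not pimcore's code and does not reproduce the fix in properties.js. The in-memory property store, the grid-cell template and the escapeHtml helper are constructed stand-ins for the admin UI's properties grid, chosen so the example runs in plain Node without ExtJS. It stores the reported payload once, renders it the vulnerable way (raw concatenation into attribute and text context) and the hardened way (entity-encoding at output time), and includes a small tag-count check of the kind a unit test or code review can use to catch a value that breaks out of its context.

```javascript
// Added illustration of the stored-XSS pattern in this report. This is NOT
// pimcore's code: the property store, the cell template and escapeHtml are
// constructed stand-ins for the admin UI's properties grid.

// Payload exactly as given in the report.
const REPORTED_PAYLOAD = '"><img src=x onerror=alert(1);>';

// Constructed in-memory stand-in for the persisted document properties.
// "Stored" XSS means the value is saved once and then rendered to every admin
// user who later opens the Navigation & Properties tab.
const propertyStore = new Map();

function savePropertyKey(documentId, key) {
  propertyStore.set(documentId, { key });
}

// Entity-encode the five characters that can close a text or attribute
// context. ExtJS (which pimcore's admin UI uses) ships an equivalent
// Ext.String.htmlEncode; a local copy keeps this example framework-free.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable renderer: the stored key is concatenated raw into both an
// attribute and the text of the cell, so '">' closes the attribute and the
// remainder is parsed as a new <img> element whose onerror handler runs.
function renderKeyCellVulnerable(documentId) {
  const { key } = propertyStore.get(documentId);
  return `<div class="x-grid-cell-inner" data-key="${key}">${key}</div>`;
}

// Hardened renderer: same template, but the value is encoded at output time
// in both positions. The stored data is unchanged; only the rendering differs.
function renderKeyCellSafe(documentId) {
  const { key } = propertyStore.get(documentId);
  const safe = escapeHtml(key);
  return `<div class="x-grid-cell-inner" data-key="${safe}">${safe}</div>`;
}

// Detection check usable in a unit test or code review: count element tags
// in the rendered fragment. The template legitimately contributes two
// (<div and </div); anything more means the value broke out of its context.
function countTags(html) {
  return (html.match(/<[a-z\/]/gi) || []).length;
}

// Stand-alone run: store the reported payload once, then render it both ways.
savePropertyKey('home', REPORTED_PAYLOAD);
console.log('vulnerable:', renderKeyCellVulnerable('home'), countTags(renderKeyCellVulnerable('home')));
console.log('safe      :', renderKeyCellSafe('home'), countTags(renderKeyCellSafe('home')));
```

The point the two renderers make is that the fix belongs at the output boundary, not in the stored data: the same persisted key is rendered by both functions, and only the encoded rendering keeps the value inside the attribute and text contexts the template intended.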

Timeline

We are processing your report and will contact the pimcore team within 24 hours (3 months ago)
We have contacted a member of the pimcore team and are waiting to hear back (3 months ago)
Divesh Pahuja modified the report (3 months ago)
JiaJia Ji validated this vulnerability (3 months ago)
KhanhCM has been awarded the disclosure bounty
The fix bounty is now up for grabs
JiaJia Ji confirmed that a fix has been merged on e786fd (3 months ago)
JiaJia Ji has been awarded the fix bounty
properties.js#L241-L273 has been validated
properties.js#L14-L36 has been validated
properties.js#L39-L227 has been validated