XSS Stored in perspective name in pimcore/perspective-editor

Valid

Reported on

Mar 9th 2023


Description

Hello team,

I found a stored XSS when adding a perspective name, as shown in the GIF below.

Proof of Concept


Impact

Execute scripts

We are processing your report and will contact the pimcore/perspective-editor team within 24 hours. 3 months ago
We have contacted a member of the pimcore/perspective-editor team and are waiting to hear back 3 months ago
pimcore/perspective-editor maintainer has acknowledged this report 2 months ago
Dan Barros
2 months ago

Researcher


Hello team, any news?

Divesh Pahuja validated this vulnerability 2 months ago
Dan Barros has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 1.5.1 with commit 169790 2 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Divesh Pahuja published this vulnerability 2 months ago
phpstan-bootstrap.php#L2 has been validated