XSS Stored in perspective name in pimcore/perspective-editor


Reported on

Mar 9th 2023


Hello team,

I found a stored XSS when adding a perspective name, as shown in the GIF below.

Proof of Concept


Execute scripts

We are processing your report and will contact the pimcore/perspective-editor team within 24 hours. 6 months ago
We have contacted a member of the pimcore/perspective-editor team and are waiting to hear back 6 months ago
pimcore/perspective-editor maintainer has acknowledged this report 6 months ago
6 months ago


Hello team, any news?

Divesh Pahuja validated this vulnerability 6 months ago
CUPCΛKΣ has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 1.5.1 with commit 169790 6 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Divesh Pahuja published this vulnerability 6 months ago
phpstan-bootstrap.php#L2 has been validated