We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

XSS Stored in perspective name in pimcore/perspective-editor

Valid

Reported on

Mar 9th 2023

Description

Hello team,

I found an xss stored when adding a perspective name as shown in the gif below

Proof of Concept

Alt Text

Impact

Execute scripts

We are processing your report and will contact the pimcore/perspective-editor team within 24 hours. 6 months ago
We have contacted a member of the pimcore/perspective-editor team and are waiting to hear back 6 months ago
pimcore/perspective-editor maintainer has acknowledged this report 6 months ago
CUPCΛKΣ
6 months ago

Researcher

Hello team, any news?

Divesh Pahuja validated this vulnerability 6 months ago
CUPCΛKΣ has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 1.5.1 with commit 169790 6 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Divesh Pahuja published this vulnerability 6 months ago
phpstan-bootstrap.php#L2 has been validated
to join this conversation