Stored XSS in module name "Search Documents" in pimcore/pimcore

Valid

Reported on May 7th 2023


Description

The "Search Documents" function is vulnerable to stored XSS: the document title is not filtered before being rendered in the search results, so a payload stored in the title of /de executes when a search returns that document.

Proof of Concept

1. Go to the edit page of the document /de and edit its title.

2. Enter this XSS payload as the title:

<img src=x onerror=javascript:alert(('1'))>

3. Go to "Search Documents" and type "7*7" into the search box to find /de.

--> The XSS will be executed and an alert will appear.
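The root cause described above is a missing output encoding step when the stored title is placed into the results markup. The following is an added illustration, not pimcore's code and not the fix shipped in commit 92811f: a minimal HTML escaper, the unsafe string-concatenation pattern beside the escaped version, and a constructed document record whose title resembles the payload in this report.

```javascript
// Added example (not pimcore code): render a document search-result row with
// every user-controlled field HTML-escaped, so a stored title containing markup
// is displayed literally instead of being parsed by the browser.

// The five characters that can break out of an HTML text or quoted-attribute
// context, mapped to their entity forms.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a value for insertion into HTML text or a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the title is concatenated into markup unescaped, so a
// title of "<img src=x onerror=...>" becomes a live element in the results grid.
// Kept only for contrast with renderRowSafe below.
function renderRowUnsafe(doc) {
  return `<tr><td>${doc.path}</td><td>${doc.title}</td></tr>`;
}

// Fixed pattern: escape at the point of output, for the path as well as the
// title, since both originate from data an editor can change.
function renderRowSafe(doc) {
  return `<tr><td>${escapeHtml(doc.path)}</td><td>${escapeHtml(doc.title)}</td></tr>`;
}

// Simple detector used to check the two renderers: does the rendered string
// still contain the start of a tag that is commonly abused for script
// execution? Escaped output contains "&lt;img", never "<img".
function containsActiveMarkup(html) {
  return /<(img|script|svg|iframe)\b/i.test(html);
}

// Constructed sample record (hypothetical; not taken from a pimcore database).
const SAMPLE_DOC = {
  path: "/de",
  title: "<img src=x onerror=alert(1)>",
};

console.log("unsafe :", renderRowUnsafe(SAMPLE_DOC));
console.log("safe   :", renderRowSafe(SAMPLE_DOC));
```

When the results are built with DOM APIs rather than strings, the equivalent fix is to assign the title with `cell.textContent = doc.title` instead of `innerHTML`; either way, the rule a reviewer should look for is that encoding happens at the output sink, not at storage time, because the same title may later be rendered in contexts with different escaping rules.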

Video PoC

https://drive.google.com/file/d/1qTiev3mUJy1V288CL5JR9RtHIpdYXQTy/view?usp=sharing

Impact

This vulnerability is capable of stealing the user's cookie.

We are processing your report and will contact the pimcore team within 24 hours. 4 months ago
We have contacted a member of the pimcore team and are waiting to hear back 4 months ago
H4ck3r Kh0ỏng (Researcher), 3 months ago:

Hi, is there any new update?

pimcore/pimcore maintainer has acknowledged this report 2 months ago
aryaantony92 validated this vulnerability 2 months ago
H4ck3r Kh0ỏng has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 10.6.4 with commit 92811f 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Divesh Pahuja published this vulnerability 2 months ago