Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug in pimcore/pimcore

Valid

Reported on

Jan 31st 2023


Description

Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug of pimcore/pimcore

Proof of Concept

1. Log in to the stable account. URL: https://demo.pimcore.fun/admin
2. Go to System Data ---> UrlSlug
3. Enter the payload in UrlSlug, starting with a "/" slash.
For a better understanding, please check the POC.
// PoC.js
var payload = '/"><img src=x onerror=alert(document.domain);>';
POC : https://drive.google.com/file/d/16gzOf4tUqUyUCq3JSENdG_AhgmJ6JHUy/view?usp=sharing

Impact

An attacker can use XSS to send a malicious script to an unsuspecting user.
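
A defender's view of the report above, as an added example that is not part of the original report and is neither Pimcore's code nor its fix: it shows why a check that only requires the leading "/" lets the reported payload through, and how an allowlist plus output encoding neutralises it. The function names, the slug pattern, the 255-character limit and the `<input>` rendering context are all assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not Pimcore code.

// Assumed weak check: only requires the leading slash the report mentions.
function prefixOnlyCheck(slug) {
  return typeof slug === 'string' && slug.startsWith('/');
}

// Stricter allowlist (an assumption, tune it to your routing rules):
// one or more "/segment" parts made of letters, digits, ".", "_", "~" or "-".
const SLUG_PATTERN = /^(\/[A-Za-z0-9._~-]+)+\/?$/;

function isValidSlug(slug) {
  return typeof slug === 'string' && slug.length <= 255 && SLUG_PATTERN.test(slug);
}

// Output encoding for HTML text nodes and quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render a stored slug into an input's value attribute. Encoding is applied
// here regardless of validation, because stored rows may predate the validator.
function renderSlugInput(slug) {
  return '<input type="text" name="slug" value="' + escapeHtml(slug) + '">';
}

// Constructed sample inputs; the second is the payload quoted in the report.
const samples = ['/products/blue-shirt', '/"><img src=x onerror=alert(document.domain);>'];
for (const s of samples) {
  console.log({ prefixOnly: prefixOnlyCheck(s), allowlist: isValidSlug(s), html: renderSlugInput(s) });
}
```

Validation on write and encoding on render are independent layers; the encoding step is the one that stops the stored value from breaking out of the attribute.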

We are processing your report and will contact the pimcore team within 24 hours. (2 months ago)
We have contacted a member of the pimcore team and are waiting to hear back. (2 months ago)
pimcore/pimcore maintainer has acknowledged this report (2 months ago)
Divesh Pahuja validated this vulnerability (2 months ago)
Sanket Salavi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 1.5.17 with commit f40505 (2 months ago)
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Divesh Pahuja published this vulnerability (2 months ago)