Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Valid

Reported on

Oct 29th 2021


Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

1 --> Go to Asset Metadata Class Definitions -> create a new definition or edit an existing one.
2 --> In the Name input, inject any XSS payload.
3 --> The payload is stored on the server and the alert fires whenever the definition is rendered.


// PoC.js

1 --> Video POC -> https://drive.google.com/file/d/1dH7QNp6qpsfulBkv9iVlfIjS6I-YyPMQ/view?usp=sharing
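The defect described in the steps above is a definition name that is stored once and later rendered into admin-UI markup without encoding. The following is an added example, written for this page and not taken from pimcore (whose admin UI is ExtJS-based, but no pimcore API is used here); `renderDefinitionRowUnsafe`, `renderDefinitionRowSafe`, `escapeHtml` and the sample record are all constructed for illustration. It shows the two output paths side by side so that a reviewer can see exactly what the fix has to change: the stored value is the same in both cases, only the rendering differs.

```javascript
// Added example (not pimcore code): rendering a user-controlled metadata
// definition name into admin markup, unsafe and safe variants side by side.

// Minimal HTML escaping for the characters that matter in element content
// and in double- or single-quoted attribute values.
function escapeHtml(input) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// UNSAFE: the stored name is interpolated straight into markup, so any tags
// it contains become live elements when the browser parses the string.
// This is the shape of the bug in the report.
function renderDefinitionRowUnsafe(definition) {
  return `<tr><td>${definition.name}</td><td>${definition.type}</td></tr>`;
}

// SAFE: encode at output time. Storage is unchanged; the name is displayed
// literally, tags and all, instead of being executed.
function renderDefinitionRowSafe(definition) {
  return `<tr><td>${escapeHtml(definition.name)}</td>` +
         `<td>${escapeHtml(definition.type)}</td></tr>`;
}

// Safest in a real DOM: do not build HTML strings at all. Assigning
// textContent never goes through the HTML parser, so there is nothing to
// escape. (Works on a plain object here so it can be exercised without a
// browser; in the admin UI `cell` would be a real <td>.)
function setCellText(cell, value) {
  cell.textContent = String(value);
  return cell;
}

// Constructed sample record standing in for one stored metadata definition.
// The name carries the classic probe string so the difference is visible.
const sampleDefinition = {
  name: '<script>alert(1)</script>',
  type: 'input',
};

// Helper a reviewer can use to check a rendered fragment for live script
// tags; returns true when the output is free of them.
function containsNoScriptTag(html) {
  return !/<script\b/i.test(html);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderDefinitionRowUnsafe(sampleDefinition));
  console.log('safe:  ', renderDefinitionRowSafe(sampleDefinition));
}
```

The check that matters in review is not whether the input is filtered on the way in (an admin can legitimately name a field `<b>`), but whether every place the name is emitted encodes for its context; a grid cell, a tooltip and an attribute each need the encoding appropriate to that context, and `textContent` sidesteps the question entirely for element content.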

Impact

This vulnerability is capable of stealing user sessions, taking over user accounts, and redirecting users to an attacker-controlled site.

We have contacted a member of the pimcore team and are waiting to hear back a month ago
Bernhard Rusch validated this vulnerability a month ago
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch confirmed that a fix has been merged on 542d0c a month ago
Bernhard Rusch has been awarded the fix bounty
Bernhard Rusch
a month ago

Maintainer


Thanks for reporting! However, I do not agree with the severity: since this is admin-only functionality, there's not much impact in terms of security (an admin can do whatever he wants anyway).

0x9x
a month ago

Researcher


Thanks for the quick update!

0x9x
a month ago

Researcher


Yes! I know, but linking this with a CSRF attack will lead to a full account takeover!

amammad
a month ago

Hey guys, even pre-authentication RCE doesn't have a 9.8 score … please be careful about CVE scores, because when the users of Pimcore see this, they may be shocked ….

0x9x
a month ago

Researcher


:/ Not that bad a thing! I know this was a small mistake by me.