Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Valid

Reported on

Dec 22nd 2021


Description

Stored cross-site scripting vulnerability in the report class field of the custom reports feature.

Proof of Concept

1. Log in to the dev account at https://10.x-dev.pimcore.fun/admin/

2. Go to Marketing --> Custom Reports --> Report class field in the left navigation menu.

3. Add the payload "><iMg SrC="x" oNeRRor="alert(1);"> in the report class field, click save, and reload.

4. Go to custom reports; the alert will trigger.

Payload: "><iMg SrC="x" oNeRRor="alert(1);">

Impact

This vulnerability can be used to steal the user's cookie.
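
The pattern behind this report, shown as an added example (not Pimcore's code and not the merged fix): the stored report class value is written into markup with and without output encoding, and a small scanner lists the start tags and event-handler attributes a browser would see in each case. The function names and the input markup are hypothetical, and the attribute sink is an assumption based on the "> prefix of the payload.

```javascript
// Added example: function names and markup are hypothetical, not Pimcore code.
// The stored value is the payload from the proof of concept in the report.
const STORED_REPORT_CLASS = '"><iMg SrC="x" oNeRRor="alert(1);">';

// Encode the characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored text concatenated straight into an attribute value.
function renderUnsafe(reportClass) {
  return '<input name="reportClass" value="' + reportClass + '">';
}

// Hardened pattern: encode at output time, regardless of what was stored.
function renderSafe(reportClass) {
  return '<input name="reportClass" value="' + escapeHtml(reportClass) + '">';
}

// Minimal scanner (not a full HTML parser): returns each start tag in the
// markup with the names of any on* event-handler attributes it carries.
function listStartTags(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  return [...html.matchAll(tagRe)].map((m) => ({
    name: m[1].toLowerCase(),
    handlers: [...m[2].matchAll(attrRe)]
      .map((a) => a[1].toLowerCase())
      .filter((attr) => attr.startsWith('on')),
  }));
}

// Unencoded: the payload closes the attribute and adds an img tag with onerror.
console.log('unsafe:', JSON.stringify(listStartTags(renderUnsafe(STORED_REPORT_CLASS))));
// Encoded: the payload stays inside the value of the single input tag.
console.log('safe:  ', JSON.stringify(listStartTags(renderSafe(STORED_REPORT_CLASS))));
```

Because the value is stored, encoding has to happen wherever it is rendered, and the same scanner can serve as a regression check on rendered output.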

We are processing your report and will contact the pimcore team within 24 hours. 5 months ago
We have contacted a member of the pimcore team and are waiting to hear back 5 months ago
We have sent a follow up to the pimcore team. We will try again in 7 days. 5 months ago
We have sent a second follow up to the pimcore team. We will try again in 10 days. 5 months ago
We have sent a third and final follow up to the pimcore team. This report is now considered stale. 5 months ago
Bernhard Rusch validated this vulnerability 4 months ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch confirmed that a fix has been merged on dff1cb 4 months ago
Bernhard Rusch has been awarded the fix bounty