Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Mar 9th 2022
pimcore datahub is vulnerable to Stored XSS in multiple places including:
(1) Field-Collections in Data Objects
(2) Objectbricks in Data Objects
Proof of Concept (for both 1 & 2)
Step 1: Go to https://10.x-dev.pimcore.fun/admin/ and login.
Step 2: Click Settings > Data Objects > Field-Collections / Objectbricks > Add
Step 3: Input aaa so as to capture legitimate POST request in Burp Suite
Step 4: Modify value of the "key" parameter in the body of POST request as below, which is URL encoded
Step 5: Forward the request
You will see the an alert box prompt whenever you access Field-Collections / Objectbricks
This vulnerability is capable for letting attacker potentially steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.