Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration in pimcore/pimcore
Mar 30th 2023
Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration.
Proof of Concept
Login to the demo account https://11.x-dev.pimcore.fun/admin/login
On left side menu go to document --> perspective --> cdp https://11.x-dev.pimcore.fun/admin/?perspective=CDP
it will take you to customers data select any customer data eg: 1020 or 5020
Now go to dashboard select Grid option
select left side menu Extactor --> Getter --> operate Any Getter
it opens settings window
now add payload in Label or Attribute or Parameter
click save and share fill the form
click save and check the grid options which you saved earlier alert will pop up
// PoC.js var payload = "><iMg SrC="x" oNeRRor="alert(1);">
# Impact The attacker is capable to stolen the user session cookie. it will leads to complete account takeover.