Stored html injection on segment name in pimcore/customer-data-framework
Jul 26th 2023
I have found an HTML Injection vulnerability on your web application. HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page.
Note : I am recreating the report as you requested. https://huntr.dev/bounties/b2edcaf2-327d-45fd-9e54-ea4c164466a1/
Steps to reproduce:
- Navigate to https://demo.pimcore.fun/admin and log in.
- Select Perspective --> CDP and click on any customer profile.
- Click Edit -> Segmentation -> Calculated segments (open the folder).
- Enter the HTML payload in the Segment name field and save it.
- Go to the Customers view: the payload is rendered as HTML instead of as text.
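As an added illustration (not code from pimcore/customer-data-framework and not part of the original report), the following simulates what goes wrong at the last two steps: a segment name containing markup is stored, and the view that lists it inserts the stored value into the page as HTML rather than as text. The function names, the constructed payload and the `attacker.example` URL are assumptions for the example; the fix shown is the standard one of encoding on output (and, for a field that should never contain markup, rejecting it on input).

```javascript
// Added example, not pimcore code. It simulates how a stored segment name ends
// up inside a list or grid cell. Function names and the payload are assumptions.

// Constructed payload of the kind the report describes being saved in the
// "Segment name" field: a hyperlink to an attacker-controlled page.
const STORED_SEGMENT_NAME =
  '<a href="https://attacker.example/login">Premium customers</a>';

// Vulnerable: the stored value is returned as the cell's markup unchanged, so
// the browser parses the attacker's <a> element as part of the page.
function renderSegmentCellVulnerable(name) {
  return `<span class="segment">${name}</span>`;
}

// Minimal HTML entity encoder: encodes the five characters that can break out
// of text content or of a double- or single-quoted attribute value.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: encode on output. The user still sees the stored value verbatim,
// but as text rather than as markup, so no link or script is created.
function renderSegmentCellEscaped(name) {
  return `<span class="segment">${htmlEncode(name)}</span>`;
}

// Optional input-side check for a field that should never hold markup: reject
// the save instead of trying to strip or "clean" tags, which is error-prone.
function isPlainSegmentName(name) {
  return typeof name === 'string'
    && name.length > 0
    && name.length <= 255
    && !/[<>]/.test(name);
}

// Stand-alone demo when run directly with node; harmless in other contexts.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderSegmentCellVulnerable(STORED_SEGMENT_NAME));
  console.log(renderSegmentCellEscaped(STORED_SEGMENT_NAME));
  console.log(isPlainSegmentName(STORED_SEGMENT_NAME), isPlainSegmentName('Premium customers'));
}
```

The vulnerable renderer emits the attacker's anchor element unchanged, which is exactly the clickable hyperlink the report is concerned with; the escaped renderer emits `&lt;a href=&quot;...&quot;&gt;...` so the browser shows the characters and creates no element. Output encoding is the fix that actually closes the issue; the input check only reduces how much bad data reaches the database and is no substitute for it.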
Proof of Concept
Because HTML injection also works in email, an attacker can trick a victim into clicking such a hyperlink to redirect them to a malicious site, or can host a page that performs XSS. All of this can cause real damage to the victim, including users being tricked into giving their login credentials to the attacker.