cross site scripting in pimcore/pimcore
Mar 10th 2023
Pimcore is vulnerable to Cross site scripting vulnerability in classes module.
Step to reproduce:
- Navigate to setting > Data Objects > Classes.
- Select any classes and add Composite indices.
- Add Xss payload on it.
Payload: "><img src=x onerror=alert(document.cookie)>
commented 2 months ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Divesh Pahuja validated this vulnerability 2 months ago
Rahul Parmar has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 10.5.20 with commit 765832 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
to join this conversation