XSS in Conditions tab of Pricing Rules in pimcore/pimcore

Valid

Reported on

Mar 27th 2023

Description

While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Conditions tab of Pricing Rules, specifically at From and To fields of Date Range section.

Proof of Concept

1.Go to https://11.x-dev.pimcore.fun/admin/ then login.
2.On the left menu bar, go to Pricing Rules then click on any rule here.
3.Go to the Conditions tab then click on the add button and add the Date range.
4.At the Date Range section, input the payload "><img src=x onerror=alert(document.domain);> into the From and To fields and click on Save button.
5..Click OK when the error is prompted, then click on that input fields again and keep the mouse pointer hovers on it, you will see the XSS popup triggers.

Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

We are processing your report and will contact the pimcore team within 24 hours. 2 months ago

A pimcore/pimcore maintainer has acknowledged this report 2 months ago

Kan09 modified the report

2 months ago

Christian F. validated this vulnerability a month ago

Kan09 has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Divesh Pahuja marked this as fixed in 10.5.21 with commit a44915 a month ago

The fix bounty has been dropped

This vulnerability has been assigned a CVE

Divesh Pahuja published this vulnerability a month ago

to join this conversation