Cross Site Scripting (XSS) in UrlSlug in pimcore/pimcore

Valid

Reported on

Mar 9th 2023


Description

Cross Site Scripting (XSS) in the UrlSlug of pimcore/pimcore.

This report is different from https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/

Proof of Concept

1. Log in to the stable account at https://11.x-dev.pimcore.fun/admin/
2. Go to System Data ---> UrlSlug.
3. Enter the payload in the UrlSlug field; the payload must start with a "/" slash.
4. Then go to Content ---> Master Document and enter a random value in the document.
5. Save & Publish, then hit Apply.
6. Go to SEO & Setting.
For more understanding, please check the PoC.
// PoC.js
// Value entered in the UrlSlug field (note the leading "/")
var payload = '/"><img src=x onerror=alert(document.domain);>';
POC: https://drive.google.com/file/d/1Akm1vYR0Por2hD0TWFvIfQLqJDfiO0bT/view?usp=sharing
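
As an added defender-side example (not pimcore's code and not part of the original report), the JavaScript below shows the two checks an admin UI would apply to a stored slug before rendering it: a strict slug grammar (an assumed grammar, not pimcore's own rule) that rejects the payload above, and contextual HTML escaping so that a rejected or legacy value still cannot break out of the attribute or text node it is rendered into.

```javascript
// Assumed slug grammar (not pimcore's rule): must start with "/", then
// path segments of [A-Za-z0-9._~-] separated by "/", optional trailing "/".
const SLUG_RE = /^\/(?:[A-Za-z0-9._~-]+(?:\/[A-Za-z0-9._~-]+)*\/?)?$/;

// Server- or client-side validation of a slug value before it is stored.
function isValidSlug(slug) {
  return typeof slug === 'string' && slug.length <= 255 && SLUG_RE.test(slug);
}

// Escape for HTML text and double-quoted attribute contexts. "/" is escaped
// too so the value can never close a tag that an attacker opened.
function escapeHtml(str) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '/': '&#x2F;',
  };
  return String(str).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Render a slug into an admin grid cell: always escape the value (even if it
// passed validation) and mark values that fail the grammar for review.
function renderSlugCell(slug) {
  const escaped = escapeHtml(slug);
  const cls = isValidSlug(slug) ? 'slug' : 'slug slug-invalid';
  return `<span class="${cls}" title="${escaped}">${escaped}</span>`;
}

// The payload from the report above, constructed here as a plain string.
const reportPayload = '/"><img src=x onerror=alert(document.domain);>';

// Stand-alone demonstration: the payload is rejected, and if it were ever
// rendered anyway, no raw "<" or ">" survives into the markup.
if (typeof module !== 'undefined' && typeof require !== 'undefined' &&
    require.main === module) {
  console.log(isValidSlug('/blog/my-post'));   // true
  console.log(isValidSlug(reportPayload));      // false
  console.log(renderSlugCell(reportPayload));   // escaped, no <img> tag
}
```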

Impact

An attacker can use XSS to send a malicious script to an unsuspecting user.

References

We are processing your report and will contact the pimcore team within 24 hours. 22 days ago
We have contacted a member of the pimcore team and are waiting to hear back 21 days ago
pimcore/pimcore maintainer has acknowledged this report 18 days ago
Divesh Pahuja validated this vulnerability 15 days ago
Onkar_1902 has been awarded the disclosure bounty
Divesh Pahuja marked this as fixed in 10.5.19 with commit c59d0b 15 days ago
This vulnerability will not receive a CVE
Divesh Pahuja published this vulnerability 15 days ago