Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel

Valid

Reported on

Jul 4th 2021


✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This webapp is vulnerable to stored XSS through filename.

🕵️‍♂️ Proof of Concept

poc

💥 Impact

This vulnerability is capable of admin account takeover, XSS

Abdul muhaimin modified the report
2 years ago
Aimeos validated this vulnerability 2 years ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
Aimeos
2 years ago

Maintainer


Fixed by https://github.com/aimeos/ai-cms-grapesjs/commit/5b8224b7b923fe6dd3016394238778a1202ce2d5

Aimeos marked this as fixed with commit 2d544d 2 years ago
Aimeos has been awarded the fix bounty
This vulnerability will not receive a CVE
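
The report only states that the stored XSS is reachable through a file name, so the following is an added illustration of the usual defence for that bug class, not code from Aimeos or from the linked fix commit. The helper names (`escapeHtml`, `storageName`, `renderItem`, `renderItemUnsafe`) are hypothetical and the sample file name is constructed.

```javascript
// Added example; helper names are hypothetical, sample input is constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reduce a client-supplied file name to a conservative allowlist before storing it.
function storageName(original) {
  const base = String(original).split(/[\\/]/).pop().normalize('NFKC'); // drop any path
  const dot = base.lastIndexOf('.');
  const stem = dot > 0 ? base.slice(0, dot) : base;
  const ext = dot > 0 ? base.slice(dot + 1).toLowerCase() : '';
  const clean = stem
    .replace(/[^A-Za-z0-9._-]+/g, '_') // markup, quotes, spaces become "_"
    .replace(/^[._]+|_+$/g, '')        // no hidden-file or dangling separators
    .slice(0, 100) || 'file';
  return /^[a-z0-9]{1,8}$/.test(ext) ? `${clean}.${ext}` : clean;
}

// Weak pattern: the stored name is concatenated into markup as-is.
function renderItemUnsafe(file) {
  return `<li title="${file.name}">${file.name}</li>`;
}

// Corrected pattern: encode at the point of output, even if the name was cleaned on upload.
function renderItem(file) {
  const name = escapeHtml(file.name);
  return `<li title="${name}">${name}</li>`;
}

// Constructed sample: a file name carrying a quote and inert markup.
const SAMPLE_NAME = 'photo"><u>2021.png';

console.log(storageName(SAMPLE_NAME));
console.log(renderItemUnsafe({ name: SAMPLE_NAME }));
console.log(renderItem({ name: SAMPLE_NAME }));
```

When the name is written through the DOM instead of a template string, assigning it with `textContent` and `setAttribute` gives the same protection without manual encoding.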