Cross-site Scripting (XSS) - Stored in aimeos/aimeos-laravel


Reported on

Jul 4th 2021

✍️ Description

Integrated online shop based on Laravel 6 LTS and the Aimeos e-commerce framework. This webapp is vulnerable to stored XSS through the filename.

🕵️‍♂️ Proof of Concept


💥 Impact

This vulnerability is capable of admin account takeover, XSS
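
The pattern behind this class of bug, a client-supplied filename stored as-is and later written into an HTML page, is shown below next to its encoded form. This is an added PHP example, not code from Aimeos or from the fix commit; `safe_label()` and `e_html()` are hypothetical helpers and the sample filename is constructed.

```php
<?php
// Added example: hypothetical helpers, not Aimeos or Laravel code.

/** Reduce a client-supplied upload name to a conservative display label. */
function safe_label(string $clientName): string
{
    // Drop any path component, whichever separator the client used.
    $name = basename(str_replace('\\', '/', $clientName));
    // Remove control characters, then allow-list the rest:
    // letters, digits, dot, underscore, space, dash.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name) ?? '';
    $name = preg_replace('/[^A-Za-z0-9._ -]/', '_', $name) ?? '';
    $name = trim($name, ' .');

    return $name === '' ? 'upload' : substr($name, 0, 255);
}

/** Encode a stored value for an HTML text node or a quoted attribute. */
function e_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a filename that contains markup characters.
$uploaded = '"><b>invoice.png';

// "Before": the name is stored verbatim and concatenated into the page,
// so the quote closes the attribute and the rest is parsed as markup.
$stored     = $uploaded;
$vulnerable = '<td title="' . $stored . '">' . $stored . '</td>';

// "After": the same stored value, encoded at the point of output.
$hardened = '<td title="' . e_html($stored) . '">' . e_html($stored) . '</td>';

echo $vulnerable, "\n";
echo $hardened, "\n";

// Defense in depth: normalize the label when the upload is accepted.
echo safe_label($uploaded), "\n";
```

Output encoding is the control that closes the hole; normalizing the label at upload time only reduces what reaches storage and does not replace encoding in every template that prints the name.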

Abdul muhaimin modified the report
2 years ago
Aimeos validated this vulnerability 2 years ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
2 years ago


Fixed by

Aimeos marked this as fixed with commit 2d544d 2 years ago
Aimeos has been awarded the fix bounty
This vulnerability will not receive a CVE