Stored XSS in module name "Search Documents" in pimcore/pimcore

Valid

Reported on

May 7th 2023


Description

The search documents function was infected with xss because the title payload was not filtered resulting in xss when searching to /de.

Proof of Concept

1.Go to edit page title /de

2.Enter this xss code

              <img src=x onerror=javascript:alert(('1'))>

3.Go to "Search Documents" and type in "7*7" search box to find /de

--> xss will be executed and an alert will appear

Video PoC

https://drive.google.com/file/d/1qTiev3mUJy1V288CL5JR9RtHIpdYXQTy/view?usp=sharing

Impact

This vulnerability is capable of stolen the user cookie

We are processing your report and will contact the pimcore team within 24 hours. 10 months ago
We have contacted a member of the pimcore team and are waiting to hear back 10 months ago
H4ck3r Kh0ỏng
8 months ago

Researcher


hi is there any new update

pimcore/pimcore maintainer has acknowledged this report 8 months ago
aryaantony92 validated this vulnerability 8 months ago
chucsse has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Divesh Pahuja marked this as fixed in 10.6.4 with commit 92811f 7 months ago
The fix bounty has been dropped
This vulnerability has now been published 7 months ago
to join this conversation