Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
Jan 21st 2022
Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module.
Proof of Concept
1 .Login to demo account
2 . Go to settings module -->data objects -->object bricks or Field collection --> edit any one and add payload in group name
3 .Click Save xss will trigger
This vulnerability is capable of stolen the user cookie