Lucene search
Tht1997701CFC30-22A1-4C4B-9B2F-885C77C290CEHistoryMar 26, 2023 - 1:56 p.m.
XSS in Upload file PDF in pimcore/pimcore
2023-03-2613:56:31
tht1997
www.huntr.dev
8
Description
pimcore is vulnerable to XSS at Filedata field in Document Upload
Payload
Payload File: https://drive.google.com/file/d/1tDcOcuzyJrFnT7RH-VmVq6XwXC1yh-AF/view?usp=sharing
URL
URL: https://11.x-dev.pimcore.fun/admin/asset/add-asset?parentId=379&dir=&allowOverwrite=0
Proof of Concept
Step 1. Go to https://11.x-dev.pimcore.fun/admin/ and login.
Step 2. In Documents, go to home -> click on Sample Content -> click Document folder
Step 3. Upload file PDF content XSS payload
Step 4. Open file PDF in XSS alert
Related
veracode
veracode
Cross-Site Scripting(XSS)
2023-11-01 11:36:02
osv
osv
CVE-2023-5873
2023-10-31 09:15:09
Pimcore Cross-site Scripting vulnerability
2023-10-31 09:30:54
github
github
Pimcore Cross-site Scripting vulnerability
2023-10-31 09:30:54
prion
prion
Cross site scripting
2023-10-31 09:15:00
cvelist
cvelist
CVE-2023-5873 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
2023-10-31 08:06:44
cve
cve
CVE-2023-5873
2023-10-31 09:15:09
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
7.3%
Related for 701CFC30-22A1-4C4B-9B2F-885C77C290CE