163 matches found
XSS in Quantity Value of Data Objects module in Settings
Description pimcore is vulnerable to XSS at Abbreviation and Longname fields in Quantity Value of Data Objects module in Settings. Payload " Proof of Concept 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Data Objects - Quantity Value. 3. In the...
XSS in Classes of Data Objects module in Settings
Description pimcore is vulnerable to XSS at fromDate and toDate fields in Classes of Data Objects module in Settings. Payload " Proof of Concept 1. Go to https://11.x-dev.pimcore.fun/admin/ and login. 2. In the left menu bar, go to Settings - Data Objects - Classes and click on any class. 3. In the...
GHSA-6VF6-G3PR-J83H pimcore is vulnerable to cross-site scripting via "title field " in data objects
Impact The vulnerability is capable of resulting in stolen user cookies. Proof of Concept Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= Go to setting -- data objects -- classes -- events Click media under general settings Add payload in title field. Go to...
Cross site scripting vulnerability in pimcore
Description Cross site scripting vulnerability in pimcore/pimcore "title field " in data objects Proof of Concept 1. Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= 2. Go to setting -- data objects -- classes -- events 3. Click media under general settings 4...
Cross-Site Scripting (XSS)
pimcore is vulnerable to cross-site scripting. The vulnerability exists in User/Roles because the path column in Users' Workspaces is not properly escaped allowing an attacker to inject and execute payload xss at documents, assets and data objects...
Reflected XSS In User/Roles Function
Description URL: https://demo.pimcore.fun/admin/ In Settings select User/Roles and select User. After creating the user, move to the Workspace tab and inject the XSS payload at Documents, Assets and Data Objects. The XSS payload will be triggered. The Workspace tab in Roles has the same issue. Can you...
GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
Stored XSS in Tooltip
Description The Classes in Data Objects have the Tooltip field. It is vulnerable to XSS attack. Proof of Concept STEP1: login https://demo.pimcore.fun/admin/ STEP2: Settings-Data Objects-Classes. Then choose an item, like product Data-AccessoryPart AP-compatibleTo. STEP3: add payload in tooltip...
Cross-site Scripting (XSS)
pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the input in Field-Collections and Objectbricks in Data Objects...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...
Amazon S3 Bucket Detected
Amazon Simple Storage Service S3 is a public cloud storage service available in Amazon Web Services AWS which provides a programmatic way to store and retrieve data objects in storage containers called buckets. Web applications often rely on storage buckets to serve static assets images or script...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description Pimcore settings module is vulnerable to stored cross site scripting Proof of Concept 1. Login to dev demo account. https://10.x-dev.pimcore.fun/ 2. Go to settings -- data objects -- Add a new class -- add payload in icon field 3. Click save and close and open that class; alert will...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description pimcore is vulnerable to Stored Cross-Site Scripting in the name field via the import functionality. Steps to reproduce: 1. Navigate to settings -- Data Objects -- Objectbricks 2. Save the following data as JSON file and import it: json "classDefinitions": , "key": null, "parentClass":...
Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
Description pimcore is vulnerable to Reflected XSS via the Search function for Document, Assets and Data Objects. Steps to reproduce 1. Login to pimcore admin. 2. In the left menu bar, click the Search icon then choose Documents, the Search Documents tab will display. 3. Input payload " into the...
SOURCEFORGE Adminer cross-site scripting vulnerability
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. Provides database management in a single PHP file. A security vulnerability exists in Adminer versions 4.6.1 through 4.8.0, which stems from Adminer's use of the pdo extension to communicate with the database, and...
PT-2024-11089 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from the Linux kernel's handling of Power Data Objects PDOs when connected to a PD-capable source. The kernel only receives the first 4 PDOs due to the MESSAGE IN leng...
Adobe Acrobat Reader DC ESObject Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
Microsoft ActiveX Data Objects Remote Code Execution (CVE-2019-0888)
A use-after-free vulnerability exists in ActiveX Data Objects. This vulnerability is due to the way that ActiveX Data Objects ADO handle objects in memory. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...