3 matches found
Cross-site Scripting (XSS)
pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of input sanitization in Field-Collections and Objectbricks in Data Objects...
Cross-site Scripting (XSS) - Stored
Description: pimcore datahub is vulnerable to Stored XSS in multiple places, including: (1) Field-Collections in Data Objects; (2) Objectbricks in Data Objects. Proof of Concept for both 1 & 2: Step 1: Go to https://10.x-dev.pimcore.fun/admin/ and log in. Step 2: Click Settings Data Objects Field-Collectio...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: pimcore is vulnerable to Stored Cross-Site Scripting in the name field via the import functionality. Steps to reproduce: 1. Navigate to settings -- Data Objects -- Objectbricks. 2. Save the following data as a JSON file and import it: json "classDefinitions": , "key": null, "parentClass":...