4 matches found

Github Security Blog
added 2022/03/25 12:0 a.m. | 55 views

Cross-site Scripting in Pimcore Datahub

Pimcore Datahub prior to 1.2.4 is vulnerable to stored cross-site scripting. An admin user accessing Datahub triggers the attack, which may result in the user's cookie being stolen...

CVSS: 6.5 | AI score: 2.6 | EPSS: 0.00024
Exploits: 1 | References: 4 | Affected Software: 1
Huntr
added 2022/03/09 10:44 a.m. | 25 views

Cross-site Scripting (XSS) - Stored

Description: pimcore datahub is vulnerable to Stored XSS in multiple places including: (1) Field-Collections in Data Objects; (2) Objectbricks in Data Objects. Proof of Concept for both 1 & 2: Step 1: Go to https://10.x-dev.pimcore.fun/admin/ and login. Step 2: Click Settings Data Objects Field-Collectio...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00017
Exploits: 1
Huntr
added 2022/03/08 5:12 p.m. | 31 views

Cross-site Scripting (XSS) - Stored

Description: pimcore datahub is vulnerable to Stored XSS in multiple places including: (1) the Pricing Rule of Online Shop in EcommerceFrameworkBundle. Whenever an admin user accesses Pricing Rule, a stored XSS will be triggered. (2) Image Thumbnails in Settings. Whenever an admin user accesses Image...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00017
Exploits: 1
Huntr
added 2022/03/08 4:20 p.m. | 22 views

Cross-site Scripting (XSS) - Stored

Description: pimcore datahub is vulnerable to Stored XSS in the Unique Identifier of the function of "Add a new configuration" in Datahub. Whenever an admin user accesses data hub, a stored XSS will be triggered. Proof of Concept: Step 1: Go to https://demo.pimcore.fun/admin/ and login. Step 2: Click...

CVSS: 3.5 | AI score: 0.3 | EPSS: 0.00024
Exploits: 1