GHSA-6vf6-g3pr-j83h

Опубликовано: 20 янв. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

pimcore is vulnerable to cross-site scripting via "title field " in data objects

Impact

The vulnerability is capable of resulting in stolen user cookies.

Proof of Concept

Login with dev account https://11.x-dev.pimcore.fun/admin/?_dc=1670962076&perspective= Go to setting --> data objects --> classes --> events Click media under genaral settings Add payload in title field. Go to data objects module and open events, xss will trigger // PoC.js "><iMg SrC="x" oNeRRor="alert(xss);">

Patches

Update to version 10.5.14 or apply this patch manually https://github.com/pimcore/pimcore/pull/13916.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/13916.patch manually.

References

https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343/

Ссылки

Пакеты

Наименование

pimcore/pimcore

composer

Затронутые версииВерсия исправления

< 10.5.14

10.5.14

EPSS

Процентиль: 1%

0.0001

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2023-0323

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-0323

CVSS3: 5.4

nvd

около 3 лет назад

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.

EPSS

Процентиль: 1%

0.0001

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2023-0323

Дефекты

CWE-79