Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-HQV9-6JQW-9G8M
HistoryJul 12, 2023 - 5:29 p.m.

Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page

2023-07-1217:29:02
CWE-79
GitHub Advisory Database
github.com
9
pimcore
admin ui
cross-site scripting
2 factor authentication
vulnerable endpoint
html injection
xss
qr code
attack vector
arbitrary scripts
cookie stealing
defacement
phishing urls
patches
workarounds
references

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.9%

JSON

Summary

Unauthenticated HTML Injection / XSS Possible.
Conditions: 2factor authentication must not set before

Vulnerable Endpoint: /admin/login/2fa-setup

Vulnerable Param: error=
How it works, So basically any admin, who has not setup 2 factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts / HTML Contents.

Another potential attack vector, as it’s a 2fa page and it has QR Code, attacker can replace this QR Code with something he has, leading to increase threat to the admin.

This attack can be used to execute arbitrary scripts or HTML Injection, causing the target application to execute these resulting in cookie steeling, defacement or Injecting phishing URLs on the target application.

Patches

Update to version 1.0.3 or apply this patches manually
https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743.patch

Workarounds

Apply patches manually: https://github.com/pimcore/admin-ui-classic-bundle/commit/5fcd19bdc89a3fe4cb8ad8c356590e1e4740c743.patch

References

https://huntr.dev/bounties/1fa1cc3b-75ff-4d34-99ae-4a705eb623e7/

Affected configurations

Vulners
Node
pimcoreadmin_classic_bundleRange<1.0.3pimcore
VendorProductVersionCPE
pimcoreadmin_classic_bundle*cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*

Related

cve 1
veracode 1
cvelist 1
osv 2
prion 1
nvd 1
cve
cve
CVE-2023-37280
2023-07-11 19:15:09
veracode
veracode
Cross-site Scripting (XSS)
2023-07-14 08:52:45
cvelist
cvelist
CVE-2023-37280 Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page
2023-07-11 18:19:37
osv
osv
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page
2023-07-12 17:29:02
CVE-2023-37280
2023-07-11 19:15:09
prion
prion
Hardcoded credentials
2023-07-11 19:15:00
nvd
nvd
CVE-2023-37280
2023-07-11 19:15:09

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.9%

JSON
Related for GHSA-HQV9-6JQW-9G8M
cve1veracode1cvelist1osv2prion1nvd1