Pimcore is vulnerable to XSS via the Filedata field in Document Upload
Payload File: https://drive.google.com/file/d/1tDcOcuzyJrFnT7RH-VmVq6XwXC1yh-AF/view?usp=sharing
URL: https://11.x-dev.pimcore.fun/admin/asset/add-asset?parentId=379&dir=&allowOverwrite=0
Step 1. Go to https://11.x-dev.pimcore.fun/admin/ and log in.
Step 2. In Documents, go to Home -> click Sample Content -> click the Document folder.
Step 3. Upload a PDF file containing the XSS payload.
Step 4. Open the PDF file; the XSS alert is shown.
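
One way to screen files uploaded as PDF for script and auto-run actions before they are stored, as an added example (not part of the original report and not Pimcore's own code). The function names, the accept/review/reject policy and the sample byte strings are assumptions constructed for illustration.

```python
import re

# PDF name objects that carry script or auto-run actions.
ACTIVE_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "Launch"}
# Containers whose contents a plain byte scan cannot see into.
OPAQUE_NAMES = {"ObjStm", "Encrypt"}

# A name starts with "/" and runs until whitespace or a PDF delimiter.
_NAME = re.compile(rb"/([^\s/<>\[\](){}%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def pdf_names(pdf: bytes) -> set:
    """All name tokens found in the raw bytes, with escapes decoded."""
    return {decode_name(n) for n in _NAME.findall(pdf)}


def upload_decision(pdf: bytes) -> str:
    """Return 'accept', 'review' or 'reject' for a file uploaded as PDF."""
    if b"%PDF-" not in pdf[:1024]:
        return "reject"   # claimed PDF without a PDF header
    names = pdf_names(pdf)
    if names & ACTIVE_NAMES:
        return "reject"   # script or auto-run action present
    if names & OPAQUE_NAMES:
        return "review"   # compressed or encrypted objects: scan is blind
    return "accept"


# Constructed samples (hypothetical; not the report's payload file).
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction "
            b"<< /S /JavaScript /JS (placeholder) >> >> endobj\n")
OBFUSCATED = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Op#65nAction "
              b"<< /S /J#61vaScript /J#53 (placeholder) >> >> endobj\n")
PACKED = b"%PDF-1.5\n3 0 obj << /Type /ObjStm /N 1 /First 4 >> endobj\n"

if __name__ == "__main__":
    for label, data in [("clean", CLEAN), ("scripted", SCRIPTED),
                        ("obfuscated", OBFUSCATED), ("packed", PACKED)]:
        print(label, upload_decision(data))
```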