10 matches found
Pimcore has an authenticated Cross-site Scripting issue
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
GHSA-7GXW-Q9J5-MRJ4 Pimcore has an authenticated Cross-site Scripting issue
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
Cross-site Scripting (XSS)
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Document embed editable process. An attacker can execute arbitrary scripts in the context of users viewing the rendered pag...
CVE-2026-5362
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362 Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
EUVD-2026-25917
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362
CVE-2026-5362 affects Pimcore Platform v12.3.3. An authenticated user with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable, leading to script execution when the published page renders. Root cause: stored XSS in the Document embed rendering. Impac...
CVE-2026-5362 Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
PT-2026-35523
🚨 New zero-day in pimcore | Detected by our AI SAST scanner and disclosed by Oscar Naveda. As a CNA, we assigned the ID CVE-2026-5362. Details: 🔗 https://t.co/iZiXYRAAcM. We have announced 232 CVEs to this date: 🔗 https://t.co/fgMrQcycLm https://t.co/gFxbxDglVo...