Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting XSS. The showEmailLogAction function in bundles/AdminBundle/Controller/Admin/EmailController.php allows script execution in the Email Log preview window due to the lack of a Content-Security-Policy header...