pimcore is vulnerable to cross-site scripting. The vulnerability exists in User/Roles
because the path column in Users’ Workspaces is not properly escaped allowing an attacker to inject and execute payload xss at documents, assets and data objects.