pimcore/pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the SEO and Settings
feature because it does not properly validate the HTML tags, which allows attackers to inject and execute malicious JavaScript into the browser.