pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the processDocument
function which lack s checks whether a PDF document contains JavaScript code. This allows an attacker to to inject malicious scripts into the browser.
CPE | Name | Operator | Version |
---|---|---|---|
pimcore/pimcore | le | v11.0.12 | |
pimcore/pimcore | le | v11.0.12 |