Robertst7Auth

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.21 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which allows an attacker to steal a user's session cookie, potentially leading to complete account takeover. **Recommendations** For versions prior to 10.5.21, update to version 10.5.21. As a temporary workaround, consider applying the patch manually from https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.14 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which can result in stolen user cookies. A proof of concept involves logging in with a dev account, navigating to specific settings, and adding a payload to a title field, triggering the XSS when opening events in the data objects module. **Recommendations** For versions prior to 10.5.14, update to version 10.5.14 to resolve the issue. As a temporary workaround, consider applying the patch from https://github.com/pimcore/pimcore/pull/13916.patch manually to mitigate the risk.