PT-2021-22423 · Pimcore · Pimcore

Brusch · Published 2021-09-01 · Updated 2021-09-09 · CVE-2021-39166

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.1.2

Description: The issue concerns the Pimcore open source data & experience management platform. In this platform, text values were not properly escaped before being printed in the version preview. This allowed cross-site scripting (XSS) attacks by authenticated users who had access to the resources.

Recommendations: For Pimcore versions prior to 10.1.2, update to version 10.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the version preview feature to minimize the risk of exploitation.
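The missing escaping step the description refers to, shown as an added PHP illustration that is not Pimcore's own code: a stored text value printed into a preview table as-is, beside the same output with HTML escaping applied. The function names, the preview markup and the sample value are assumptions for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Pimcore's code. It contrasts the unsafe and safe way
// of printing a stored text value into a version-preview-like table row.

// Unsafe: the stored value is interpolated into the markup unchanged, so
// any markup contained in the value becomes part of the rendered page.
function renderPreviewUnsafe(string $field, string $value): string
{
    return "<tr><td>{$field}</td><td>{$value}</td></tr>";
}

// Encode a value as HTML text so the browser shows it literally.
// ENT_QUOTES also encodes both quote characters, which matters when the
// value ever ends up inside an attribute; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function escapeText(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Safe: every untrusted value is escaped at the point where it is printed.
function renderPreviewSafe(string $field, string $value): string
{
    return '<tr><td>' . escapeText($field) . '</td><td>' . escapeText($value) . '</td></tr>';
}

// Constructed sample: a harmless text value that happens to contain markup
// and quote characters, which is enough to show the difference.
$stored = 'Summer <b>sale</b> & "new" arrivals';

echo renderPreviewUnsafe('title', $stored), PHP_EOL;
echo renderPreviewSafe('title', $stored), PHP_EOL;
```

In a Twig-based view the equivalent is to leave autoescaping on and avoid the `raw` filter on values that originate from stored data.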

Fix · XSS


Related Identifiers

CVE-2021-39166
GHSA-W6J8-JC36-X5Q9

Affected Products

Pimcore