Name of the Vulnerable Software and Affected Versions: PIMCORE (affected versions not specified)

Description: A Stored Cross-Site Scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious scripts in the context of the user's browser when the PDF is viewed, leading to potential session hijacking, defacement of web pages, or unauthorized access to sensitive information. The vulnerability is present in the PDF upload functionality of the PIM Core Upload module, where the application fails to properly sanitize the content, allowing embedded scripts to be executed when the PDF is viewed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.