CVE-2026-5362

Name of the Vulnerable Software and Affected Versions pimcore version 12.3.3

Description An authenticated attacker with permissions to edit document content can store crafted HTML or JavaScript within a Document embed editable. This leads to script execution when the published page is rendered, a process known as Stored Cross-Site Scripting (XSS), where malicious scripts are permanently stored on the target server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.