MEDIUM
pimcore
CVE published 2026-04-27
CVE-2026-5362
A stored cross-site scripting (XSS) vulnerability in Pimcore v12.3.3 allows authenticated attackers with document editing permissions to inject malicious HTML/JavaScript through the Document embed editable feature. The payload executes when published pages are rendered, potentially compromising session tokens or performing actions on behalf of victims. The CVSS 4.0 score of 4.8 (Medium) reflects network a [truncated]