CVE-2026-5362
MEDIUM
Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
Title source: cna
Description
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.
References (2)
Core References (2)
Third Party Advisory: https://fluidattacks.com/es/advisories/mago
Product: https://github.com/pimcore/pimcore/
Scores
CVSS v3: 5.4
EPSS: 0.0019
EPSS Percentile: 9.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (3)
pimcore/pimcore
Packagist
pimcore/pimcore
12.3.3
pimcore/pimcore
v12.3.3
Published: Apr 27, 2026
Tracked Since: Apr 28, 2026