CVE-2026-5362

UNKNOWN 0.0

Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

CWE	CWE-79
Vendor	pimcore
Product	pimcore
Published	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for pimcore pimcore

Be the first to know when new unknown vulnerabilities affecting pimcore pimcore are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

pimcore / pimcore

v12.3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fluidattacks.com: https://fluidattacks.com/es/advisories/mago github.com: https://github.com/pimcore/pimcore/

Credits

Oscar Naveda Fluid Attacks' AI SAST Scanner