Medium severity5.4NVD Advisory· Published Apr 27, 2026· Updated May 18, 2026
CVE-2026-5362
CVE-2026-5362
Description
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This issue affects pimcore: v12.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ghsa-coords
Patches
Vulnerability mechanics
References
3- fluidattacks.com/es/advisories/magonvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-7gxw-q9j5-mrj4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-5362ghsaADVISORY
News mentions
0No linked articles in our index yet.