Medium severityNVD Advisory· Published Apr 27, 2026· Updated Apr 28, 2026
CVE-2026-5362
CVE-2026-5362
Description
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This issue affects pimcore: v12.3.3.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-7gxw-q9j5-mrj4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-5362ghsaADVISORY
- fluidattacks.com/es/advisories/magonvdWEB
News mentions
0No linked articles in our index yet.