Authenticated XSS in pimcore v12.3.3 Document embed editable
CVE-2026-5362 Published on April 27, 2026

Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

NVD

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2026-5362 has been classified to as a XSS vulnerability or weakness.

Products Associated with CVE-2026-5362

Want to know whenever a new CVE is published for Pimcore? stack.watch will email you.

Pimcore

Affected Versions

pimcore Version v12.3.3 is affected by CVE-2026-5362

Authenticated XSS in pimcore v12.3.3 Document embed editableCVE-2026-5362 Published on April 27, 2026

Weakness Type

What is a XSS Vulnerability?

Products Associated with CVE-2026-5362

Affected Versions

Authenticated XSS in pimcore v12.3.3 Document embed editable
CVE-2026-5362 Published on April 27, 2026