CVE-2026-5362

N/A

Descripcion

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado4/27/2026

Ultima modificacion4/28/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-79

Referencias

https://fluidattacks.com/es/advisories/mago(help@fluidattacks.com)

https://github.com/pimcore/pimcore/(help@fluidattacks.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.