CVE-2026-5362

Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering

Description

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

INFO

Published Date :

2026-04-27T20:16:01.154Z

Last Modified :

2026-04-28T14:36:06.112Z

Source :

Fluid Attacks

AFFECTED PRODUCTS

The following products are affected by CVE-2026-5362 vulnerability.

Vendors	Products
Pimcore	Pimcore

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5362.

URL	Resource
https://fluidattacks.com/es/advisories/mago
https://github.com/pimcore/pimcore/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability