CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-5362

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.1%

CVSS Severity

CVSS v3 Score 5.4

References

https://fluidattacks.com/es/advisories/mago
https://github.com/pimcore/pimcore/

Products affected by CVE-2026-5362

Pimcore » Pimcore » Version: 12.3.3

cpe:2.3:a:pimcore:pimcore:12.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-5362

Products

Pricing

Contact Us