This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch
Apply https://github.com/pimcore/pimcore/pull/14721.patch manually.
https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256/