This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14732.patch
Apply https://github.com/pimcore/pimcore/pull/14732.patch manually.
https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/
pimcore/pimcore