Pimcore 10.3.3 and prior is vulnerable to stored cross-site scripting. A patch is available on the 10.x branch and will likely be part of version 10.4.0.
{ "nvd_published_at": "2022-03-16T09:15:00Z", "github_reviewed_at": "2022-03-29T15:16:19Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }