The TinyMCE Bundle uses tinymce version 6.7.3. CVEs exist for versions <6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881
The package should be updated to at least 6.8.1 to avoid the XSS vulnerability.
Upgrade pimcore to release 11.2.3.