CVSS Score

The vulnerability stems from improper neutralization of user input in print document rendering. Stored XSS implies the payload persists in documents and executes during rendering. The patch PR #14560 likely adds output escaping at the document preview and generation entry points. The high-confidence function (previewAction) is a common XSS surface in MVC controllers, while the medium-confidence function (getControllerView) reflects deeper document processing logic where unescaped data might flow into templates.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 10.5.19 | 10.5.19 |