pimcore/perspective-editor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization when adding a perspective name, which allows an attacker to steal a users cookie and gaining unauthorized access to that user’s account.
github.com/pimcore/perspective-editor/commit/16979055c684ff3321cf0945d11a1b0ee1e4b8d2
github.com/pimcore/perspective-editor/commit/16979055c684ff3321cf0945d11a1b0ee1e4b8d2
github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/