Pimcore prior to version 10.4 is vulnerable to stored cross-site scripting in Tooltip. References https://nvd.nist.gov/vuln/detail/CVE-2022-1351 https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615 https://github.com/advisories/GHSA-xcr3-4qvr-54rh
