Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled.
Advisories for Composer/Aimeos/Ai-Cms-Grapesjs package
2025