The Layout Builder module doesn't sufficiently sanitize block labels in certain scenarios, which can lead to a cross-site scripting (XSS) vulnerability.
This is mitigated by the fact that both the attacker and the targeted user need to be using the Layout Builder editing interface.
{
"constraint": "<10.6.13"
}{
"constraint": ">=11.3.0 <11.3.14"
}