A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that page.
{ "github_reviewed_at": "2022-11-22T00:00:16Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2022-11-23T02:15:00Z", "severity": "MODERATE", "github_reviewed": true }