Craft CMS 3.70-RC1–3.7.55.1 and 4.0.0-RC1–4.2.0.1 are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions 3.7.55.2 and 4.2.1 contain patches for this issue.
3.70-RC1
3.7.55.1
4.0.0-RC1
4.2.0.1
3.7.55.2
4.2.1