A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.
A person with access to the backoffice and the "users" section could send a user invite and inject HTML code into the invite message.
{ "nvd_published_at": "2023-12-12T17:15:07Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2023-12-13T13:17:37Z" }