A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue.
{ "nvd_published_at": "2022-11-23T02:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-21T23:59:38Z" }