Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
This issue affects:
8.8.X versions prior to 8.8.10;
8.9.X versions prior to 8.9.6;
9.0.X versions prior to 9.0.6.