Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Published October 11, 2019.
Craftcms Craft CMS
