Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Published December 2, 2021.
Craftercms Crafter CMS