Craft CMS before 3.7.29 allows cross-site scripting. References https://nvd.nist.gov/vuln/detail/CVE-2022-28378 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729—2022-01-18 https://github.com/craftcms/cms/commit/7ca2b2d2ccecfb524525afc8ceac6f6e44f84b88 https://github.com/advisories/GHSA-7xj5-fwqr-5378