Craft CMS prior to 3.1.31 does not properly filter XML feeds, thus allowing XSS.
craftcms craft cms