An issue exists in Craft CMS prior to 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
craftcms craft cms