All the comments areas (document, social, form, etc) could lead in a XSS vulnerabilities.
Risk level: Critical
Fix: Upgrade to version 3.3.10.8 or later.
* Hubshare
Issue has been fixed by using more appropriated angular native function to secure html rendering and avoid XSS leaks.
ACKNOWLEDGEMENT
We thank Michael Newton <mnewton@themissinglink.com.au> for responsible disclosure.
Date issued: 2022-08
LINKS
https://www.cve.org/CVERecord?id=CVE-2022-39017