EPSS Percentile: 38.5%
Vanilla before 2.6.1 allows XSS via the email field of a profile.
hackerone.com/reports/361957