Automattic: XSS Vulnerability on Pressable/Atomic Hosting Platform via unescaped admin notices leads to code execution

A cross-site scripting XSS vulnerability was discovered in the Pressable/Atomic Hosting Platform's admin notices feature. Unescaped text output in the atomic-platform.php file allowed arbitrary JavaScript code execution when an administrator updated or set the atomicsingleoptionlimiternotices...