wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered.
github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
github.com/WordPress/WordPress/commit/20740afc8fe6b095ef9b927be7f601c9b9cae472
hackerone.com/reports/731301
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/9976
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677