OpenSlides is vulnerable to cross-site scripting (XSS). An attacker is able to inject a malicious script in various places, e.g. in personal notes or in motions, and have it executed when other users read the respective text.
github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18
github.com/OpenSlides/OpenSlides/commit/6eae497abeab234418dfbd9d299e831eff86ed45
github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938
github.com/OpenSlides/OpenSlides/pull/5714
github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt