wordpress is vulnerable to cross-site scripting (XSS). The vulnerability exists as authenticated users can inject JavaScript code in the block editor that will be executed when it is rendered.
github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
hackerone.com/reports/738644
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/9976
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677