craftcms/cms is vulnerable to cross-site scripting(XSS) attacks. The library does not properly escape user inputs through title
parameter in addressCardHtml function
, which allows an attacker to inject and execute malicious javascript on victim’s browser.