Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
https://www.silverstripe.org/download/security-releases/CVE-2022-38145
https://www.silverstripe.org/download/security-releases/