Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
All versions starting from 4.0.0-rc1 up to 4.4.6
Upgrade to version 4.4.7 or above.