Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Strapi has stored XSS in the wysiwyg editor's preview feature.
Advisories for Npm/Strapi-Plugin-Content-Manager package
2020
Strapi has stored XSS in the wysiwyg editor's preview feature.