A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.