Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x
https://github.com/craftcms/cms/releases/tag/4.4.6
https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f