Unknown · Ra-Ui-Materialui · CVE-2023-25572
**Name of the Vulnerable Software and Affected Versions**
react-admin versions prior to 3.19.12 and 4.7.6
ra-ui-materialui versions prior to 3.19.12 and 4.7.6
**Description**
The issue affects all React applications built with react-admin and using the `<RichTextField>`. This component outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization, which can lead to a cross-site scripting (XSS) attack if the data is not sanitized server-side.
**Recommendations**
For versions prior to 3.19.12 and 4.7.6, update to version 3.19.12 or 4.7.6 respectively; these releases run the field value through `DOMPurify` to sanitize the HTML before passing it to React via `dangerouslySetInnerHTML`.
As a temporary workaround, users may replace the `<RichTextField>` with a custom field that performs sanitization manually.
If you already sanitize HTML data server-side, you do not need to upgrade.
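A triage helper, added here and not part of the advisory or of react-admin, that applies the affected ranges above to an installed version and lists where `<RichTextField>` is rendered in source text, so each usage can be checked for server-side sanitization or replaced. It assumes the version passed in is the resolved one from the lockfile; the sample source is constructed.

```javascript
// Added triage helper for CVE-2023-25572 (not react-admin's own code): checks
// whether an installed react-admin / ra-ui-materialui version is in the
// advisory's affected range and lists <RichTextField> usages in source text.
// Plain Node.js, no dependencies.
const FIXED_VERSIONS = { 3: "3.19.12", 4: "4.7.6" }; // fixed release per line
const AFFECTED_PACKAGES = new Set(["react-admin", "ra-ui-materialui"]);
// Parse "major.minor.patch" into numbers; a leading ^, ~ or v and any
// pre-release suffix are ignored. Feed it the resolved version from the
// lockfile (or `npm ls react-admin`), not a package.json range.
function parseVersion(version) {
  const m = /^[\^~v]?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised version string: ${version}`);
  return m.slice(1, 4).map(Number);
}
// Lexicographic comparison of [major, minor, patch]: -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}
// True when pkg/version is inside the advisory's range: anything before
// 3.19.12, or a 4.x release before 4.7.6. Later major lines are not listed.
function isAffectedVersion(pkg, version) {
  if (!AFFECTED_PACKAGES.has(pkg)) return false;
  const [major] = parseVersion(version);
  if (major < 3) return true;
  const fixed = FIXED_VERSIONS[major];
  return fixed !== undefined && compareVersions(version, fixed) < 0;
}
// 1-based line numbers at which <RichTextField> is rendered.
function findRichTextFieldUsages(sourceText) {
  return sourceText
    .split("\n")
    .map((line, i) => (/<RichTextField\b/.test(line) ? i + 1 : null))
    .filter((n) => n !== null);
}
// Constructed sample (not from any real project) to exercise the helpers.
const SAMPLE_SOURCE = [
  'import { List, Datagrid, TextField, RichTextField } from "react-admin";',
  '<List><Datagrid><TextField source="title" />',
  '<RichTextField source="body" /></Datagrid></List>',
].join("\n");
console.log(isAffectedVersion("react-admin", "4.7.5"), findRichTextFieldUsages(SAMPLE_SOURCE)); // prints: true [ 3 ]
```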