Pyload · Pyload · CVE-2026-34748
**Name of the Vulnerable Software and Affected Versions**
Payload versions prior to 3.78.0
**Description**
Payload is a free and open source headless content management system. A stored Cross-Site Scripting (XSS) issue existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another user, would execute in their browser. A deployment is affected if it runs a Payload version earlier than 3.78.0, has at least one collection with versions enabled, and an authenticated user has `create` or `update` access to that collection.
**Recommendations**
Upgrade to version 3.78.0 or later.
Restrict `create` and `update` access to versioned collections to trusted roles only.
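
To check the second recommendation against an existing configuration, the following added example (not code from the advisory or from the Payload project) lists which untrusted roles can `create` or `update` in collections that have versions enabled. The types are local stand-ins for the relevant parts of a collection config, the slugs and role names are constructed, and it assumes that a collection with no access function allows any logged-in user.

```typescript
// Local stand-ins for the parts of a Payload collection config used here
// (slug, versions, access.create/update); assumed shapes, not imported from payload.
type User = { id: string; roles: string[] } | null;
// Sample access functions are synchronous; async ones would have to be awaited.
type AccessFn = (args: { req: { user: User } }) => boolean | object;
interface CollectionLike {
  slug: string;
  versions?: boolean | object;
  access?: { create?: AccessFn; update?: AccessFn };
}
interface Finding { slug: string; operation: "create" | "update"; role: string }

// Assumed default when no access function is set: any logged-in user is allowed.
const defaultAccess: AccessFn = ({ req }) => Boolean(req.user);

// For each collection with versions enabled, list every untrusted role that is
// granted create or update (a query-constraint object counts as granted).
function auditVersionedWriteAccess(
  collections: CollectionLike[], roles: string[], trusted: string[],
): Finding[] {
  const findings: Finding[] = [];
  const untrusted = roles.filter((r) => trusted.indexOf(r) === -1);
  for (const c of collections) {
    if (!c.versions) continue; // the advisory only concerns versioned collections
    for (const operation of ["create", "update"] as const) {
      const allow = c.access?.[operation] ?? defaultAccess;
      for (const role of untrusted) {
        const user: User = { id: `probe-${role}`, roles: [role] };
        if (allow({ req: { user } })) findings.push({ slug: c.slug, operation, role });
      }
    }
  }
  return findings;
}

// Constructed sample configuration: slugs and role names are hypothetical.
const hasRole = (...allowed: string[]): AccessFn => ({ req }) =>
  Boolean(req.user?.roles.some((r) => allowed.indexOf(r) !== -1));
const sampleCollections: CollectionLike[] = [
  { slug: "posts", versions: { drafts: true } }, // no access set, default applies
  { slug: "pages", versions: true,
    access: { create: hasRole("admin"), update: hasRole("admin", "contributor") } },
  { slug: "legal", versions: true,
    access: { create: hasRole("admin"), update: hasRole("admin") } },
  { slug: "comments", access: { create: hasRole("contributor") } }, // not versioned
];

for (const f of auditVersionedWriteAccess(sampleCollections, ["admin", "editor", "contributor"], ["admin"]))
  console.log(`${f.slug}: role "${f.role}" can ${f.operation}`);
```

Each reported pair is a versioned collection where a role outside the trusted set still has write access and should be reviewed.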