Pavel910

#50094 of 53,630
4.8 Total CVSS
Vulnerabilities · 1
PT-2023-27842
4.8
2023-08-24
Webiny · @Webiny/React-Rich-Text-Renderer · CVE-2023-41167
**Name of the Vulnerable Software and Affected Versions**

@webiny/react-rich-text-renderer versions prior to 5.37.2

**Description**

The issue arises when a content manager with access to the CMS inserts a malicious script as part of the user-defined input, which is then injected and executed within the user's browser when the main page or admin page loads. This is due to the `@webiny/react-rich-text-renderer` using the `dangerouslySetInnerHTML` prop without applying HTML sanitization. The `@webiny/react-rich-text-renderer` package depends on the editor.js rich text editor to handle rich text content.

**Recommendations**

Update to Webiny version 5.37.2 to patch this vulnerability. If you're running a Webiny project created prior to 5.35.0 and you're using the legacy rich text editor, update to version 5.37.2. If you've already switched to using the new rich text editor, powered by Lexical editor, no action is required.