WordPress 5.2.2 - Cross-Site Scripting (XSS) in Stored Comments
From the WordPress version release notes:
"Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments."