Sitecore has recently announced Security Bulletin SC2022-001-500712.
You can read the full bulletin on the Sitecore Support website here.
This vulnerability affects a wide range of Sitecore versions and should be patched immediately.
All Dataweavers customers were patched as early as the 6th of January, with the last customers rolled out on the 14th of January. This vulnerability also highlights the importance of a CSP (Content Security Policy) as a defence-in-depth control that further reduces the risk of XSS (Cross-Site Scripting) events. Whilst a CSP is not appropriate for every website and does add a layer of ongoing maintenance, the mechanism is widely supported by browsers and extremely powerful.
You can read more about CSPs here.
You can test your website's CSP status here.
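As an added example (not code from the page or from Dataweavers), a small Python checker that parses a Content-Security-Policy header and flags the directive weaknesses that leave XSS exploitable; the two sample headers are constructed for illustration.

```python
# Constructed sample headers (not taken from any real site).
WEAK_CSP = "default-src *; script-src 'self' 'unsafe-inline' https://cdn.example.com"
STRICT_CSP = ("default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'; "
              "base-uri 'self'; frame-ancestors 'none'")


def parse_csp(header):
    """Split a CSP header into {directive: [sources]}; per spec, a repeated directive is ignored."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def csp_findings(header):
    """Return human-readable weaknesses that undermine the policy's XSS protection."""
    policy = parse_csp(header)
    findings = []
    # script-src falls back to default-src when absent.
    script_src = policy.get("script-src", policy.get("default-src"))
    if script_src is None:
        findings.append("no script-src or default-src: scripts from any origin are allowed")
    else:
        has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in script_src)
        # Browsers ignore 'unsafe-inline' when a nonce or hash is present, so only flag it alone.
        if "'unsafe-inline'" in script_src and not has_nonce_or_hash:
            findings.append("script-src allows 'unsafe-inline' without nonce/hash: injected inline scripts run")
        if "*" in script_src or any(s in ("http:", "https:") for s in script_src):
            findings.append("script-src allows any host: scripts can load from untrusted origins")
        if "'unsafe-eval'" in script_src:
            findings.append("script-src allows 'unsafe-eval': string-to-code execution is permitted")
    if "object-src" not in policy and "'none'" not in policy.get("default-src", []):
        findings.append("object-src not restricted: plugin content can execute script")
    if "base-uri" not in policy:
        findings.append("base-uri not set: an injected <base> tag can redirect relative script URLs")
    return findings


if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, csp_findings(csp) or "no findings")
```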
If you are unsure how to apply the security patch to your Sitecore solution, contact us today to discuss our free security remediation service.