CVE-2021-38138 | OneNav beta 0.9.12 allows XSS via the Add Link feature.
https://thejavasea.com/threads/cve-2021-38138-onenav-beta-0-9-12-allows-xss-via-the-add-link-feature.332/