CVE-2021-27781

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.