CiviEvent included multiple screens with a vulnerability to cross-site scripting (XSS).
CiviCRM version 5.64.3 and earlier
CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)
Upgrade to the fixed version of CiviCRM
Bradley Taylor of Bright minded
Coleman Watts of CiviCRM
Seamus Lee of JMA Consulting/CiviCRM