Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.
View the template here CVE-2022-48197.yaml
References:
https://www.exploit-db.com/exploits/51198