[HIGH] Cross-Site Scripting in Language Pack Handling

PKSA-zmbz-zt2r-qk52 GHSA-96jg-pmc4-cx39

Affected package: typo3/cms-core

Affected version: >=9.0.0,<9.5.4

Reported by:
GitHub, FriendsOfPHP/security-advisories