typo3/cms-core is vulnerable to cross-site scripting(XSS) attacks. A malicious user with a valid backend user account is able to pass harmful HTML content via the form designer backend module of the form framework, allowing an attacker to execute malicious javascript on victim’s browser.
github.com/TYPO3/typo3/commit/3b16f036858ccdf3af8d7958fae7f449b6838bb9
github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
github.com/TYPO3/typo3/commit/f311198e8ecf687c0217749d07abebaf93a3152a
github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
typo3.org/security/advisory/typo3-core-sa-2022-003