[MEDIUM] XSS vulnerability with double-encoded entities

PKSA-nyyp-2pk1-frkz CVE-2019-10010 GHSA-3v43-877x-qgmq

Affected version: <0.18.3

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] XSS vulnerability with unsafe link protocols

PKSA-g6p7-7rfc-zbp2 CVE-2018-20583 GHSA-qx76-c53f-5c7q

Affected version: >=0.15.6,<0.18.1

Reported by:
GitHub, FriendsOfPHP/security-advisories