[MEDIUM] Cross-Site Scripting in Language Pack Handling

PKSA-n1qf-pfk3-6gdz GHSA-5j86-5xvg-7q93

Affected package: typo3/cms

Affected version: >=9.0.0,<9.5.4

Reported by:
GitHub, FriendsOfPHP/security-advisories