[MEDIUM] Cross-Site Scripting in CKEditor

PKSA-qmq7-q129-2wts CVE-2018-17960 GHSA-g68x-vvqq-pvw3

Affected package: typo3/cms

Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2

Reported by:
GitHub, FriendsOfPHP/security-advisories