Stored Cross-Site Scripting (XSS) via uploaded files served inline in FileField and ImageField

PKSA-8yhb-cz5n-f41h

Affected version: >=5.0.0,<5.0.13

Reported by:
FriendsOfPHP/security-advisories

Path traversal and reflected XSS in Flag and Icon Twig components

PKSA-z6tn-c4hk-yb9y

Affected version: >=4.0.0,<4.29.10|>=5.0.0,<5.0.10

Reported by:
FriendsOfPHP/security-advisories