[MEDIUM] XSS vulnerability with double-encoded entities

PKSA-nyyp-2pk1-frkz CVE-2019-10010 GHSA-3v43-877x-qgmq

Affected version: <0.18.3

Reported by:
GitHub, FriendsOfPHP/security-advisories