[MEDIUM] Contao: Insufficient BBCode sanitizer

PKSA-38dw-gzd8-gz6c CVE-2024-28234 GHSA-j55w-hjpj-825g

Affected package: contao/comments-bundle

Affected version: >=5.0.0-RC1,<5.3.4|>=2.0.0,<4.13.40

Reported by:
GitHub