[MEDIUM] Cross-Site Scripting in CKEditor

PKSA-5y7r-7h1g-qrym CVE-2018-17960 GHSA-g68x-vvqq-pvw3

Affected package: typo3/cms-core

Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2

Reported by:
GitHub, FriendsOfPHP/security-advisories