[MEDIUM] Cross-Site Scripting through Fluid view helper arguments

PKSA-8nx7-7p1f-7mw8 CVE-2020-26216 GHSA-hpjm-3ww5-6cpf

Affected package: typo3fluid/fluid

Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.7|>=2.2.0,<2.2.4|>=2.3.0,<2.3.7|>=2.4.0,<2.4.4|>=2.5.0,<2.5.11|>=2.6.0,<2.6.10

Reported by:
GitHub, FriendsOfPHP/security-advisories