[HIGH] Cross site scripting via canonical URL

PKSA-jc9p-83z1-zst8 CVE-2022-24899 GHSA-m8x6-6r63-qvj2

Affected package: contao/core-bundle

Affected version: >=4.13.0,<4.13.3

Reported by:
FriendsOfPHP/security-advisories, GitHub