[MEDIUM] TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search

PKSA-pg93-52nb-x8ym CVE-2026-47348 GHSA-cg75-qfg2-w9hj

Affected package: typo3/cms-core

Affected version: >=13.0.0,<13.4.31|>=14.0.0,<14.3.3

Reported by:
GitHub, FriendsOfPHP/security-advisories