[MEDIUM] TYPO3-CORE-SA-2026-006: TYPO3 HTML Sanitizer allows Cross-Site Scripting

PKSA-7jn3-yc49-35c6 CVE-2026-47345 GHSA-p5j5-4j3q-8mq8

Affected package: typo3/html-sanitizer

Affected version: <2.3.2

Reported by:
GitHub, FriendsOfPHP/security-advisories