[MEDIUM] Contao: Cross site scripting in the file manager

PKSA-bxmw-zt4x-f182 CVE-2024-28190 GHSA-v24p-7p4j-qvvf

Affected package: contao/core-bundle

Affected version: >=5.0.0-RC1,<5.3.4|>=4.0.0,<4.13.40

Reported by:
GitHub