It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c
github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d
github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5
typo3.org/security/advisory/typo3-core-sa-2019-021