typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). This vulnerability is due to inadequate input encoding in the FEUSER_[fieldName]
template patterns, utilized by the felogin system extension for regular frontend rendering, which allows an attackers to inject malicious scripts into the frontend.