typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of file extensions containing malicious sequences when accessing the serverβs file system directly or through synchronization, which allows an attacker to execute arbitrary scripts in the context of the user session.