Cross-site scripting (XSS) via script break-out in toScript() output

PKSA-6mmh-w4kg-c2xp

Affected version: >=3.23.1,<3.23.2|>=4.0.0,<4.0.2

Reported by:
FriendsOfPHP/security-advisories