[MEDIUM] XSS injection in backoffice

PKSA-ypt7-9px1-jhvb GHSA-pp7v-wxx9-hm6r

Affected version: >=2.1.0,<2.1.2

Reported by:
GitHub, FriendsOfPHP/security-advisories