[MEDIUM] Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields

PKSA-5pj5-nxp6-547h CVE-2026-25496 GHSA-9f5h-mmq6-2x78

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.16.17|>=5.0.0-RC1,<=5.8.21

Reported by:
GitHub