[HIGH] Cross site scripting via canonical URL

PKSA-jgdm-q1xh-kwnj CVE-2022-24899 GHSA-m8x6-6r63-qvj2

Affected package: contao/contao

Affected version: >=4.13.0,<4.13.3

Reported by:
FriendsOfPHP/security-advisories, GitHub