CVEs affecting projects tracked on Release Alert, from NVD & OSV.
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.