GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

GHSA-gvv6-33j7-884g: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.

**Package**

composer brotkrueml/schema (Composer)

**Affected versions**

\>= 2.0.0, < 2.5.1

< 1.13.1

**Patched versions**

2.5.1

1.13.1