$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] is not properly encoded in page module
The page module, when selecting the rootpage, show $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
but fails to properly html encode the value.
Thanks to Pradeep Jairamani for reporting that privately to firstname.lastname@example.org
Although this can be considered as stored XSS vulnerability, we can follow our policy to handle this case in public,
because it is only exploitable by admins.