Typo3 Powermail still vulnerable to base64 encoded XSS

Bug ID #80888  was opened in April 2017 for a bypass vulnerability of the powermail plugin used in Typo 3.

Still vulnerable it can be easily exploited by injecting code like

<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">click</a>

So when you find a Typo3 site with powermail installed wich is breaking down all JavaScript functions like onload() or onerror() try injecing a href code which is base64 encoded.