Cross-Site Scripting in c3
Affected versions of c3 are vulnerable to cross-site scripting via improper sanitization of HTML in rendered tooltips. Recommendation Update to 0.4.11 or later.
Advisories for Npm/C3 package
2020
2016
XSS via tooltips
c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips.