Cross-Site Scripting in diagram-js
Versions of diagram-js (f ) (f ) are vulnerable to Cross-Site Scripting. The package fails to escape output of user-controlled input in search-pad, allowing attackers to execute arbitrary JavaScript. If you are using diagram-js, upgrade to If you are using diagram-js, upgrade to