Cross-Site Scripting in diagram-js-direct-editing
Versions of diagram-js-direct-editing are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Upgrade to or later.