Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Versions of the package @excalidraw/excalidraw from 0.0.0 is vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.