Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.
Advisories for Npm/Metro4 package
2022