Cross-site Scripting
An attacker can inject scripts which are executed in some browsers.
Advisories for Npm/Restify package
2018
2016
Cross Site Scripting
Using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.