Injection Vulnerability
Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser.
Advisories for Npm/Shout package
2018
2015
HTML Injection
Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser.