Cross-Site Scripting in webpack-bundle-analyzer
Versions of webpack-bundle-analyzer are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.
Advisories for Npm/Webpack-Bundle-Analyzer package
2019