Cross-site Scripting (XSS)
Overview vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...