xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Summary @xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain...