Cross-site Scripting (XSS)
sockjs is vulnerable to cross-site scripting XSS. The attack exists because it does sanitize the callback parameter in lib/transport/htmlfile.js for non-alphanumeric symbols, allowing an attacker to inject malicious scripts...