GHSA-X6WF-F3PX-WCQX xmldom has XML node injection through unvalidated processing instruction serialization
Summary The package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence ?. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output. ---...