Incomplete Filtering of Special Elements
Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements. The srcset attribute in an HTML element can be a vector for content spoofing. An attacker can manipulate the content presented to other users by interpolating a srcset value directly that doesn'...