spatie/browsershot is vulnerable to cross-site scripting. The vulnerability exists due to the lack of file://
validation in the html content of Browsershot.php
which allows a remote attacker to inject and execute malicious JavaScript into the system.