sitegeist/fluid-components is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists because the library does not properly prevent the unwanted double-escaping of HTML markup, which allows an attacker to inject and execute malicious javascript.