nodejs is vulnerable to Cross Site Scripting (XSS). The vulnerability exists because maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to how a JavaScript module behaves.