Tag
sanitize-html version 2.17.3 and earlier is vulnerable to cross-site scripting (XSS) due to the improper handling of the `xmp` tag, allowing attackers to inject arbitrary HTML and JavaScript code.