Cross-site Scripting (XSS) in bracket-template (npm) with high severity https://snyk.io/vuln/npm:bracket-template:20180409


is a Bracket-Template support for JSTransformers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can inject arbitrary JavaScript tags, and the malicious code executes, when variables read from GET parameters are used directly in a template without sanitization.
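The pattern described above, shown next to its output-escaped form. This is an added example, not code from the advisory or from the package: the `{{name}}` placeholder syntax, the renderer and all function names are hypothetical stand-ins and do not reflect bracket-template's own API, and the request URL is constructed sample input.

```javascript
// Added example: stand-in renderer, NOT bracket-template's API.
// The {{name}} placeholder syntax and all function names are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can break out of HTML text or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read one GET parameter from a request URL (first occurrence, '' if missing).
function getParam(requestUrl, name) {
  const value = new URL(requestUrl, 'http://localhost').searchParams.get(name);
  return value === null ? '' : value;
}

// Substitute {{key}} placeholders, passing each own-property value through `encode`.
function render(template, vars, encode) {
  return template.replace(/\{\{(\w+)\}\}/g, (match, key) =>
    Object.prototype.hasOwnProperty.call(vars, key) ? encode(vars[key]) : '');
}

// Vulnerable pattern from the advisory: the GET value reaches the markup unchanged.
function renderUnsafe(template, vars) {
  return render(template, vars, String);
}

// Hardened: every interpolated value is HTML-escaped at output time.
function renderSafe(template, vars) {
  return render(template, vars, escapeHtml);
}

// Constructed sample request carrying markup in the "name" parameter.
const SAMPLE_URL = '/hello?name=' + encodeURIComponent('<script>alert(1)</script>');
const TEMPLATE = '<p>Hello, {{name}}!</p>';

function demo() {
  const vars = { name: getParam(SAMPLE_URL, 'name') };
  return { unsafe: renderUnsafe(TEMPLATE, vars), safe: renderSafe(TEMPLATE, vars) };
}

console.log(demo());
```

The escaping here covers HTML text and quoted attribute values only; values placed inside a script block, a URL or an unquoted attribute need encoding specific to that context.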