Cross-site Scripting (XSS) in bracket-template (npm) with high severity


This package provides Bracket-Template support for JSTransformers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When variables read from GET are used directly in a template without sanitization, arbitrary JavaScript tags can be injected and malicious code executes.
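The missing sanitization step, as an added example that is not code from the advisory or from the package: GET values are HTML-escaped before they reach a template that interpolates them verbatim. The `render` function and its `{{name}}` placeholder syntax are hypothetical stand-ins, not bracket-template's API, and the query string is constructed sample input.

```javascript
// Hypothetical stand-in for a template engine that inserts values verbatim.
// This is NOT bracket-template's API or placeholder syntax.
function render(template, locals) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) =>
    Object.prototype.hasOwnProperty.call(locals, key) ? String(locals[key]) : '');
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Turn a raw query string into template locals, escaped or passed through raw.
function localsFromQuery(queryString, escape) {
  const locals = Object.create(null); // no inherited keys to collide with
  for (const [key, value] of new URLSearchParams(queryString)) {
    locals[key] = escape ? escapeHtml(value) : value;
  }
  return locals;
}

// Constructed sample: a GET parameter carrying markup instead of a name.
const SAMPLE_QUERY = 'name=' + encodeURIComponent('<script>alert(1)</script>');
const TEMPLATE = '<p>Hello {{name}}</p>';

// The pattern the advisory describes: GET value used directly in the template.
function renderUnsafe(queryString) {
  return render(TEMPLATE, localsFromQuery(queryString, false));
}

// Same template, with every GET value escaped before interpolation.
function renderSafe(queryString) {
  return render(TEMPLATE, localsFromQuery(queryString, true));
}

console.log(renderUnsafe(SAMPLE_QUERY));
console.log(renderSafe(SAMPLE_QUERY));
```

Entity escaping of this kind covers HTML text and quoted attribute values; values placed inside script blocks or URLs need encoding appropriate to that context.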