Selectize · Selectize-Plugin-A11Y · CVE-2019-15482
**Name of the Vulnerable Software and Affected Versions**
selectize-plugin-a11y versions prior to 1.1.0
**Description**
The issue is a Cross-Site Scripting (XSS) vulnerability. The `accessibility.liveRegion.speak` function does not properly sanitize the `msg` variable before rendering it as HTML. If `msg` is controlled by user input, an attacker can execute arbitrary JavaScript in a victim's browser.
**Recommendations**
If you are running a version prior to 1.1.0, upgrade to version 1.1.0 or later. As a temporary workaround, consider restricting user input that reaches the `msg` variable to prevent potential exploitation.
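
The pattern described above and the interim workaround, as an added illustration that is not code from selectize-plugin-a11y. The names `renderUnsafe`, `renderSafe`, `guardSpeak` and `makeStubRegion` are hypothetical, and the sketch assumes a `speak(msg)` that places `msg` into an `aria-live` element as HTML.

```javascript
// Added illustration; not the plugin's source. All names here are hypothetical.
// Assumption: speak(msg) places msg into an aria-live element as HTML.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can open a tag, entity or attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: msg is concatenated into markup unchanged.
function renderUnsafe(msg) {
  return '<div role="status" aria-live="assertive">' + msg + '</div>';
}

// Hardened pattern: msg is encoded, so the browser treats it as text.
// (With a real DOM node, assigning textContent instead of innerHTML has the same effect.)
function renderSafe(msg) {
  return '<div role="status" aria-live="assertive">' + escapeHtml(msg) + '</div>';
}

// Interim workaround: wrap an existing speak() so every caller's msg is
// encoded before it reaches the HTML sink. Remove it after upgrading,
// because a speak() that encodes on its own would then show doubly encoded text.
function guardSpeak(region) {
  const original = region.speak;
  region.speak = function (msg, ...rest) {
    return original.call(this, escapeHtml(msg), ...rest);
  };
  return region;
}

// Stub standing in for the unpatched live region; html models innerHTML.
function makeStubRegion() {
  return { html: '', speak(msg) { this.html = renderUnsafe(msg); } };
}

function demo() {
  const sample = '<img src=x onerror=alert(1)>'; // constructed, user-controlled msg
  const guarded = guardSpeak(makeStubRegion());
  guarded.speak(sample);
  return { unsafe: renderUnsafe(sample), safe: renderSafe(sample), guarded: guarded.html };
}

console.log(demo());
```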