CVE-2019-15482

Name of the Vulnerable Software and Affected Versions selectize-plugin-a11y versions prior to 1.1.0

Description The issue concerns a Cross-Site Scripting (XSS) problem. Specifically, the accessibility.liveRegion.speak function does not properly sanitize the msg variable before rendering it as HTML. If the msg variable is controlled by user input, it allows attackers to execute arbitrary JavaScript in a victim's browser.

Recommendations For versions prior to 1.1.0, upgrade to version 1.1.0 or later. As a temporary workaround, consider restricting user input for the msg variable to prevent potential exploitation.