Digitalcraft

**Name of the Vulnerable Software and Affected Versions** Shave versions prior to 2.5.3 **Description** The issue exists due to mishandled output encoding during the overwrite of an HTML element, which can lead to Cross-Site Scripting. If encoded HTML input is passed into the `shave` package, the output will be decoded, potentially resulting in Cross-Site Scripting. **Recommendations** Upgrade to version 2.5.3 or later.