Lowjheer

**Name of the Vulnerable Software and Affected Versions** Vega versions prior to 5.17.3 **Description** Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega, there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine. **Recommendations** For versions prior to 5.17.3, update to version 5.17.3 to resolve the issue. As a temporary workaround, consider restricting the use of Vega expressions to minimize the risk of exploitation.