Smoothie · Smoothie · CVE-2022-25929
**Name of the Vulnerable Software and Affected Versions**
smoothie versions 1.31.0 through 1.36.1
**Description**
The issue arises from improper sanitization of user input in the `strokeStyle` and `tooltipLabel` properties, leading to Cross-site Scripting (XSS). It can be exploited when a user controls the values of these properties.
**Recommendations**
To prevent potential XSS attacks on smoothie versions 1.31.0 through 1.36.1, consider disabling the use of the `strokeStyle` and `tooltipLabel` properties until a patch is available. Restrict access to these properties to minimize the risk of exploitation.
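One way to restrict these two properties in application code is to validate them before they reach the chart. The following is an added example, not code from smoothie or from this advisory; the helper names, the fallback colour, and the length limit are assumptions.

```javascript
// Added example (hypothetical helpers, not part of smoothie).
// Allowlist for colour values: hex, rgb()/rgba() with numeric arguments,
// or a purely alphabetic colour keyword. Anything else is rejected.
const HEX = /^#(?:[0-9a-f]{3,4}|[0-9a-f]{6}|[0-9a-f]{8})$/i;
const RGB = /^rgba?\(\s*\d{1,3}\s*,\s*\d{1,3}\s*,\s*\d{1,3}\s*(?:,\s*(?:0|1|0?\.\d+)\s*)?\)$/i;
const KEYWORD = /^[a-z]{3,20}$/i;

function safeStrokeStyle(value, fallback = '#ffffff') {
  if (typeof value !== 'string') return fallback;
  const v = value.trim();
  return HEX.test(v) || RGB.test(v) || KEYWORD.test(v) ? v : fallback;
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Truncate, then HTML-escape, so the label can only ever render as text.
function safeTooltipLabel(value, maxLength = 64) {
  if (value === undefined || value === null) return undefined;
  return String(value).slice(0, maxLength).replace(/[&<>"']/g, c => ENTITIES[c]);
}

// Returns a copy of the series options with the two properties named in
// the advisory validated; other options are copied through unchanged.
function sanitizeSeriesOptions(untrusted) {
  const clean = Object.assign({}, untrusted);
  clean.strokeStyle = safeStrokeStyle(untrusted.strokeStyle);
  const label = safeTooltipLabel(untrusted.tooltipLabel);
  if (label === undefined) delete clean.tooltipLabel;
  else clean.tooltipLabel = label;
  return clean;
}

// Constructed sample input standing in for user-supplied series settings.
const sample = { strokeStyle: 'red"><b>', tooltipLabel: '<b>cpu</b>', lineWidth: 2 };
console.log(sanitizeSeriesOptions(sample));
```

On a release that escapes these values itself, the label would be escaped twice, so the escaping step is only appropriate while an affected version is in use.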