bolt/bolt is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the user input, allowing a malicious attacker to inject and execute arbitrary html and script code into the web site through an image’s alt or the title field.