A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.Referenceshttps://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068