jstoxml is a Converts JavaScript/JSON to XML (for RSS, Podcasts, AMP, etc.)
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to not escaping special characters.
Upgrade jstoxml to version 2.0.0 or higher.
jstoxml