Advisories for Npm/Backbone package

2019

Cross-Site Scripting in backbone

Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the Model#Escape function, and the output is then written to the DOM. The vulnerability occurs as a result of the regular expression used to encode metacharacters failing to take HTML entities such as &#60; into account.

2016

Cross Site Scripting vulnerability

There's a potential Cross Site Scripting vulnerability in the Model#Escape function if a user is able to supply input. This is because the regex that performs the replacement misses the conversion of entities such as &#60; to <.