zeppelin-web is vulnerable to cross-site scripting. The vulnerability exists because the `WebsocketEventFactory` function in `websocket-event.factory.js` does not properly escape the `message` attribute before being rendered, allowing an attacker to inject and execute malicious JavaScript.Read More