billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

billboard.js is vulnerable to XSS during chart option binding