The package apexcharts prior to 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.
fusioncharts apexcharts