Description
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
Recommendation
No fix is available yet. Followings are affected versions:
- = 1.5.0
References
Related Issues
- lobe-chat has an Open Redirect - CVE-2025-59426
- Cross-site Scripting in cesium - CVE-2023-48094
- editor.md vulnerable to Cross-site Scripting - CVE-2023-29641
- Command Injection in node-rules - Vulnerability
- Tags:
- npm
- editor.md
Anything's wrong? Let us know Last updated on February 01, 2023