Cross-site Scripting in pandao

Description

pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.

Recommendation

No fix is available yet. Followings are affected versions:

• = 1.5.0

References

• GHSA-x65c-4fgj-5fc3
• CVE-2019-14653
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-site Scripting in pandao editor.md - CVE-2019-14517
• Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
• Cross-Site Scripting in editor.md - CVE-2019-9737
• Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697

Tags:

npm

editor.md