Cross-site Scripting in pandao editor.md

Description

pandao Editor.md 1.5.0 allows XSS via the Javascript: string.

Recommendation

No fix is available yet. Followings are affected versions:

• = 1.5.0

References

• GHSA-5q54-8p9j-x74j
• CVE-2019-14517
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• seajs Cross-site Scripting vulnerability - CVE-2024-51091
• Cross-site scripting in bootstrap-select - CVE-2019-20921
• XSS vulnerability that affects bootstrap - CVE-2018-20676
• Server-Side Template Injection in formio - CVE-2020-28246

Tags:

npm

editor.md