Description
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.5.0
References
Related Issues
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
- Jodit Editor vulnerable to cross-site scripting - CVE-2023-42399
- Cross-Site Scripting in editor.md - CVE-2019-9737
- Tags:
- npm
- editor.md
Anything's wrong? Let us know Last updated on November 07, 2023