Description
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.5.0
References
Related Issues
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
- Jodit Editor vulnerable to cross-site scripting - CVE-2023-42399
- Froala Editor Cross-site Scripting vulnerability - CVE-2023-41592
- Tags:
- npm
- editor.md
Anything's wrong? Let us know Last updated on November 07, 2023