editor.md vulnerable to Cross-site Scripting

Severity:: Medium

Description

Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.5.0

References

GHSA-847g-34c5-vvm8
CVE-2023-29641
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Mammoth is vulnerable to Directory Traversal - CVE-2025-11849
json-logic-js Command Injection vulnerability - CVE-2021-4329
Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
protobufjs Prototype Pollution vulnerability - CVE-2023-36665

Tags:: npm; editor.md

Anything's wrong? Let us know Last updated on November 07, 2023