Description
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.5.0
References
Related Issues
- Jodit Editor vulnerable to cross-site scripting - CVE-2023-42399
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
- Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
- Jodit Editor vulnerable to Cross-site Scripting - jodit - CVE-2022-23461
You might also like:
- Tags:
- npm
- editor.md
Anything's wrong? Let us know Last updated on November 07, 2023


