Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter

Severity:: Medium

Description

Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.5.0

References

GHSA-5p84-mmh9-pxgr
CVE-2020-19698
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

tiny-secp256k1 allows for verify() bypass when running in bundled environment - CVE-2024-49365
Astro's server source code is exposed to the public if sourcemaps are enabled - CVE-2024-56159
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
editor.md vulnerable to Cross-site Scripting - CVE-2023-29641

Tags:: npm; editor.md

Anything's wrong? Let us know Last updated on April 07, 2023