Description
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
Remediation
References
https://github.com/pandao/editor.md/issues/612
Related Vulnerabilities
CVE-2019-9155 Vulnerability in maven package org.webjars.npm:openpgp
CVE-2020-22864 Vulnerability in npm package froala-editor
CVE-2022-39381 Vulnerability in npm package muhammara
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-list
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core