Description
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
Remediation
References
https://github.com/pandao/editor.md/issues/634
Related Vulnerabilities
CVE-2020-11023 Vulnerability in npm package jquery
CVE-2020-10693 Vulnerability in maven package org.hibernate:hibernate-validator
CVE-2023-36820 Vulnerability in maven package io.micronaut.security:micronaut-security-oauth2
CVE-2022-0654 Vulnerability in npm package requestretry
CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox