Description
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
Remediation
References
https://github.com/pandao/editor.md/issues/634