Description
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
Remediation
References
https://github.com/sparksuite/simplemde-markdown-editor/issues/721