Description
SimpleMDE 1.11.2 is vulnerable to cross-site scripting (XSS) via an onerror attribute of a crafted IMG element, or via certain input containing [ and ( characters, which is mishandled during construction of an A element.
Remediation
References
https://github.com/sparksuite/simplemde-markdown-editor/issues/721
Related Vulnerabilities
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18
CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug-code-gen
CVE-2019-5483 Vulnerability in npm package seneca
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify