Description
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
Remediation
References
https://github.com/pandao/editor.md/issues/709
Related Vulnerabilities
CVE-2019-9153 Vulnerability in npm package openpgp
CVE-2017-16163 Vulnerability in npm package dylmomo
CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2023-29003 Vulnerability in npm package @sveltejs/kit
CVE-2021-23337 Vulnerability in maven package org.webjars.npm:lodash