vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering (similar to Typora), and split-screen preview modes. vditor suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could exploit this vulnerability to execute client-side code.