vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering (similar to Typora), and split-screen preview modes. vditor versions prior to 3.8.12 are vulnerable to a cross-site scripting vulnerability that stems from the program’s lack of data validation filtering of user-supplied and output data. An attacker could exploit this vulnerability to execute JavaScript code on the client side.