Moderate severity vulnerability that affects simplemde

2018-11-21T22:21:25
ID GHSA-WG85-P6J7-GP3W
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:05

Description

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.