Cross-Site Scripting

2019-04-02T19:38:50
ID NODEJS:794
Type nodejs
Reporter YYHYlh
Modified 2019-04-04T18:39:36

Description

Overview

All versions of editor.md are vulnerable to Cross-Site Scripting. User input is insufficiently sanitized, allowing attackers to inject malicious code in payloads containing base64-encoded content.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

References