All versions of editor.md
are vulnerable to Cross-Site Scripting. User input is insufficiently sanitized, allowing attackers to inject malicious code in payloads containing base64-encoded content.
No fix is currently available. Consider using an alternative module until a fix is made available.