AI Score: 5.9 (Medium), Confidence: High
EPSS: 0.001 (Low), Percentile: 37.3%
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
github.com/hackmdio/codimd/issues/1263