EPSS
Percentile
30.0%
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
[
(
A
github.com/advisories/GHSA-wg85-p6j7-gp3w
github.com/sparksuite/simplemde-markdown-editor
github.com/sparksuite/simplemde-markdown-editor/issues/721
nvd.nist.gov/vuln/detail/CVE-2018-19057