CVE-2020-19660

Cross Site Scripting XSS pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...

@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2020-19698 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2020-19698 Source advisory:...

Editor.md 跨站脚本漏洞

Editor.md is an open source embedded online Markdown a markup language editor. A security vulnerability exists in Pandao Editor.md version v.1.5.0. A remote attacker can exploit this vulnerability to execute arbitrary code via specially crafted scripts on editor parameters...