Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization in |markdown filter. An attacker to inject arbitrary JS into the page, by entering Markdown and then renders it with this filter. Note: Filters that use issafe need to make sure the...