Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
6.1CVSS
5.9AI Score
0.001EPSS
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
6.1CVSS
5.8AI Score
0.001EPSS
Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.
6.1CVSS
6.2AI Score
0.001EPSS
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
6.1CVSS
6.3AI Score
0.001EPSS
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
6.1CVSS
6.3AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
6.1CVSS
5.9AI Score
0.001EPSS