CVE-2020-28455

markdown-it-toc is vulnerable to Cross-site Scripting (XSS) because the title of the generated table of contents and the contents of headers are not escaped. This affects all versions of the package, enabling injection via the toc/title content. Multiple sources (GHSA, Snyk, Veracode, OSV, CVE li...