EPSS
Percentile
37.3%
editor.md is vulnerable to cross-site scripting (XSS). The vulnerability exists because it allows embedding of external svg file such as <EMBED SRC="data:image/svg+xml, allowing an attacker to launch dom-based cross-site scripting.
<EMBED SRC="data:image/svg+xml
github.com/pandao/editor.md/issues/662