Cross-site Scripting (XSS)

editor.md is vulnerable to cross-site scripting (XSS). The vulnerability exists because it allows embedding of external svg file such as <EMBED SRC="data:image/svg+xml, allowing an attacker to launch dom-based cross-site scripting.