simple-markdown is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via Data
or Vbscript
URIs, e.g data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==
CPE | Name | Operator | Version |
---|---|---|---|
simple-markdown | le | 0.4.3 | |
simple-markdown | le | 0.4.3 |