EPSS percentile: 40.2%
markdown-it-toc is vulnerable to cross-site scripting (XSS). The title of the generated TOC and the contents of the headers are not sanitized, which allows an attacker to inject maliciously crafted script into the system.
github.com/tylingsoft/markdown-it-github-toc/blob/master/src/index.js#L244
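The unsanitized-output pattern described above, next to a version that escapes on output, as an added example (not code from markdown-it-toc or markdown-it-github-toc). The function names, the TOC markup and the sample input are assumptions constructed for illustration.

```javascript
// Added example: hypothetical minimal TOC builder, not the plugin's own code.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Build an anchor id limited to [a-z0-9-], so it cannot break out of href="...".
function slugify(text) {
  const slug = String(text).toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-+|-+$/g, '');
  return slug || 'section';
}

// Collect ATX headings ("# Title") from markdown source.
function extractHeadings(markdown) {
  const headings = [];
  for (const line of markdown.split('\n')) {
    const m = /^(#{1,6})\s+(.+?)\s*$/.exec(line);
    if (m) headings.push({ level: m[1].length, text: m[2] });
  }
  return headings;
}

// Weak form: TOC title and heading text are concatenated into markup as-is.
function renderTocUnsafe(title, headings) {
  const items = headings.map((h) =>
    `<li class="toc-h${h.level}"><a href="#${slugify(h.text)}">${h.text}</a></li>`);
  return `<div class="toc"><h2>${title}</h2><ul>${items.join('')}</ul></div>`;
}

// Hardened form: every untrusted string is escaped at the point of output.
function renderTocSafe(title, headings) {
  const items = headings.map((h) =>
    `<li class="toc-h${h.level}"><a href="#${slugify(h.text)}">${escapeHtml(h.text)}</a></li>`);
  return `<div class="toc"><h2>${escapeHtml(title)}</h2><ul>${items.join('')}</ul></div>`;
}

// Constructed sample input: a heading and a TOC title that both carry markup.
const sampleMarkdown = '# Intro\n## <img src=x onerror=alert(1)>\n';
const sampleTitle = '<script>alert(1)</script>Contents';
const sampleHeadings = extractHeadings(sampleMarkdown);
console.log('unsafe:', renderTocUnsafe(sampleTitle, sampleHeadings));
console.log('safe:  ', renderTocSafe(sampleTitle, sampleHeadings));
```

In the weak form the heading and title reach the page as live markup; in the hardened form the same input is rendered as inert text.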