editor.md is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters before it output to the front end as a crafted script through the editor
parameter, which allows an attacker to inject and execute malicious JavaScript in the victim’s browser.