0.001 Low
EPSS
Percentile
41.8%
editor.md is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the src, parameter of editormd.js which allows an attacker to inject and execute arbitrary JavaScript into the browser.
src
editormd.js
github.com/advisories/GHSA-w974-rq9x-mh3v
github.com/pandao/editor.md/pull/860
github.com/pandao/editor.md/pull/860/commits/2a6ef977f76779df14798aba3bc4528ca4d8a78d