EPSS: 0.001 (Low), Percentile: 35.3%
editor.md is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the filterHTMLTags function in editormd.js because inputs are not properly filtered, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/advisories/GHSA-rpr9-qfw3-wh83
github.com/alromh87/editor.md/commit/f5cb82c39400294a75f4b5b9e997e4939cee7084
github.com/pandao/editor.md
github.com/pandao/editor.md/issues/697