EPSS: 0.001 (Low)
Percentile: 29.3%
editor.md is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize user input before rendering the markdown, allowing a malicious user to inject and execute arbitrary JavaScript through the editor.
github.com/pandao/editor.md/issues/612