Description

pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.

Remediation

References

https://github.com/pandao/editor.md/issues/634

Related Vulnerabilities

CVE-2020-28445 Vulnerability in npm package npm-help

CVE-2020-7637 Vulnerability in maven package org.webjars.npm:class-transformer

CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon

CVE-2023-31582 Vulnerability in maven package org.bitbucket.b_c:jose4j

CVE-2020-8124 Vulnerability in maven package org.webjars.npm:url-parse

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Issue Tracking Third Party Advisory