Description
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
Remediation
References
https://github.com/sparksuite/simplemde-markdown-editor/issues/721