Description
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
Remediation
References
https://github.com/sparksuite/simplemde-markdown-editor/issues/721