Description
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element.
Remediation
References
https://github.com/sparksuite/simplemde-markdown-editor/issues/721
Related Vulnerabilities
CVE-2022-0764 Vulnerability in npm package strapi
CVE-2020-23849 Vulnerability in npm package jsoneditor
CVE-2021-23327 Vulnerability in maven package org.webjars.npm:apexcharts
CVE-2020-28442 Vulnerability in maven package org.webjars.npm:js-data
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux