Description
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
Remediation
References
https://github.com/pandao/editor.md/issues/709
Related Vulnerabilities
CVE-2021-39148 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-41881 Vulnerability in maven package io.netty:netty-codec-haproxy
CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics
CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport-native-epoll
CVE-2021-25924 Vulnerability in maven package cd.go.plugin:go-plugin-api