Description
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
Remediation
References
https://github.com/pandao/editor.md/issues/715
Related Vulnerabilities
CVE-2021-27568 Vulnerability in maven package net.minidev:json-smart
CVE-2019-10767 Vulnerability in npm package iobroker.js-controller
CVE-2022-34113 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2021-28918 Vulnerability in npm package netmask
CVE-2023-39022 Vulnerability in maven package opensymphony:oscore