GHSA-wfvx-fx73-3rfj, CVE-2020-28455
npm/markdown-it-toc
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
All versions up to 1.1.0
Unfortunately, there is no solution available yet.
2022-08-09
source |