Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Advisories for Npm/Editor.md package
2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe> src parameter.
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
2019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
2018
Cross-site Scripting
pandao Editor.md is vulnerable to XSS via input starting with a << substring, which is mishandled during construction of an A element.
Cross-site Scripting
Pandao Editor.md allows XSS via crafted attributes of an invalid IMG element.