Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe> src parameter.
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
pandao Editor.md is vulnerable to XSS via input starting with a << substring, which is mishandled during construction of an A element.
Pandao Editor.md allows XSS via crafted attributes of an invalid IMG element.