Cross-site Scripting
EpicEditor contains an XSS vulnerability because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.
Advisories for Npm/Epiceditor package
2017
EpicEditor contains an XSS vulnerability because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.