CVE-2017-6589: Cross-site Scripting

March 9, 2017 (updated March 10, 2017)

EpicEditor contains an XSS vulnerability because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.

References

nvd.nist.gov/vuln/detail/CVE-2017-6589

Detect and mitigate CVE-2017-6589 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →