Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
xhEdit allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view.
Advisories for Nuget/Xheditorpkg package
2018
xhEdit allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view.