npm package
editor.md
pkg:npm/editor.md
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29641 | — | <= 1.5.0 | — | May 1, 2023 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | ||
| CVE-2020-19698 | — | <= 1.5.0 | — | Apr 4, 2023 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. | ||
| CVE-2020-19697 | — | <= 1.5.0 | — | Apr 4, 2023 | Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter. | ||
| CVE-2019-14653 | — | — | — | Aug 3, 2019 | pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element. | ||
| CVE-2019-14517 | — | — | — | Aug 1, 2019 | pandao Editor.md 1.5.0 allows XSS via the Javascript: string. | ||
| CVE-2019-9737 | — | — | — | Mar 13, 2019 | Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring. | ||
| CVE-2018-19056 | — | — | — | Nov 7, 2018 | pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | ||
| CVE-2018-16330 | — | — | — | Sep 2, 2018 | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
- CVE-2023-29641May 1, 2023affected <= 1.5.0
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
- CVE-2020-19698Apr 4, 2023affected <= 1.5.0
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
- CVE-2020-19697Apr 4, 2023affected <= 1.5.0
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter.
- CVE-2019-14653Aug 3, 2019
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
- CVE-2019-14517Aug 1, 2019
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
- CVE-2019-9737Mar 13, 2019
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
- CVE-2018-19056Nov 7, 2018
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
- CVE-2018-16330Sep 2, 2018
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.