CVE-2018-19056

pandao/editor.md

on github

Published

November 7, 2018

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.

References

https://github.com/pandao/editor.md/issues/634

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:ipandao:editor.md:1.5.0:::::::*	n/a	n/a	1.5.0

External Links

NVD - CVE-2018-19056