CVE-2019-9737

pandao/editor.md

on github

Published

March 13, 2019

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.

References

https://github.com/pandao/editor.md/issues/662

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:ipandao:editor.md:1.5.0:::::::*	n/a	n/a	1.5.0

External Links

NVD - CVE-2019-9737