editor.md
npm8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting editor.mdpage 1 of 1
- CVE-2018-16330MEDIUMCVSS 6.12018-09-02
vulnerable: 1.5.0
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element.
- CVE-2018-19056MEDIUMCVSS 6.12018-11-07
vulnerable: 1.5.0
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
- CVE-2019-14517MEDIUMCVSS 6.1EG 6.12019-08-01
vulnerable: 1.5.0
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
- CVE-2019-14653MEDIUMCVSS 6.1EG 6.12019-08-03
vulnerable: 1.5.0
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
- CVE-2019-9737MEDIUMCVSS 6.12019-03-13
vulnerable: 1.5.0
Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
- CVE-2020-19697MEDIUMCVSS 6.1EG 6.12023-04-04
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.
- CVE-2020-19698MEDIUMCVSS 6.1EG 6.12023-04-04
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.
- CVE-2023-29641MEDIUMCVSS 6.1EG 6.12023-05-01
Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.
Check whether editor.md is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for editor.md CVEs against the assets you own.
Start Free Scan →