vulnerability cross-site scripting
severity 7.2
language javascript
registry npm


editor.md is an open source embeddable online markdown editor (component), based on CodeMirror & jQuery & Marked.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) The ABBR or SUP elements allow any type of attribute on them, allowing an attacker to leverage JS elements and run scripts on the page.