vulnerability cross-site scripting (xss)
severity 5.4
language javascript
registry npm


netlify-cms-widget-markdown is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Use the application or use the demo
  2. Switch to markdown mode in edtior.
  3. Insert the xss payload in to the editor(body) <img src=x onerror=alert(1)>
  4. XSS payload will get executed.