editor.md (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package editor.md, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2018-19056 — CVSS 6.1 (medium): pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
CVE-2019-9737 — CVSS 6.1 (medium): Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2020-19697 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted…
CVE-2020-19698 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted…
CVE-2023-29641 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted…