CVE-2018-19056 — CVSS 6.1 (medium): pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element.
CVE-2019-9737 — CVSS 6.1 (medium): Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED SRC="data:image/svg+xml' substring.
CVE-2020-19660 — CVSS 6.1 (medium): Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.
CVE-2020-19697 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted…
CVE-2020-19698 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted…
CVE-2023-29641 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted…