Drupal · Drupal Markdown Preview Module · CVE-2009-3437
**Name of the Vulnerable Software and Affected Versions**
Drupal Markdown Preview module version 6.x
**Description**
A cross-site scripting (XSS) issue exists in the live preview feature of the Markdown Preview module, allowing remote attackers to inject arbitrary web script or HTML via `Markdown input`.
**Recommendations**
For Drupal Markdown Preview module version 6.x, update the module to a version that fixes this issue. If no specific fix is provided for version 6.x, consider disabling the live preview feature in the Markdown Preview module as a temporary workaround to minimize the risk of exploitation.