CVE-2019-9737

Name of the Vulnerable Software and Affected Versions Editor.md versions 1.5.0 and earlier Editor.md (all versions)

Description The issue involves a DOM-based XSS that can be triggered through specific vectors, including the '<EMBED SRC="data:image/svg+xml' substring. It is also reported that user input is not sufficiently sanitized, allowing attackers to inject malicious code, particularly in payloads containing base64-encoded content.

Recommendations For Editor.md version 1.5.0, consider disabling the embedding of SVG images until a fix is available. For all versions of Editor.md, consider using an alternative module until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.