Marked.Js · Marked.Js · CVE-2017-6589
**Name of the Vulnerable Software and Affected Versions**
EpicEditor versions prior to 0.3.0, specifically versions through 0.2.3
**Description**
The issue is related to Cross-Site Scripting due to an insecure default marked.js configuration. An example attack vector involves a crafted IMG element in an HTML document.
**Recommendations**
For EpicEditor versions through 0.2.3, update the marked.js configuration to a secure setting to prevent Cross-Site Scripting attacks.