Rustam Komildzhonov

**Name of the Vulnerable Software and Affected Versions** markdown-to-jsx versions prior to 7.4.0 **Description** The issue is related to Cross-site Scripting (XSS) via the `src` property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. **Recommendations** For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `src` property in markdown until a patch is available. Restrict access to markdown elements to minimize the risk of exploitation. Avoid using the `src` property in markdown until the issue is resolved.