Xpaw

**Name of the Vulnerable Software and Affected Versions** Parsedown versions prior to 1.7.2 **Description** The issue allows attackers to execute arbitrary JavaScript code if a script, already running on the affected page, executes the contents of any element with a specific class. This occurs because spaces are permitted in code block infostrings, interfering with the intended behavior of a single class name beginning with the language- substring. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.