CVE-2017-11593

Name of the Vulnerable Software and Affected Versions Markdown Preview Plus extension versions prior to 0.5.7

Description The issue allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files. These files are designed to be viewed in the browser as plain text but will be converted to HTML without proper sanitization, leading to a cross-site scripting (XSS) issue.

Recommendations For versions prior to 0.5.7, update to version 0.5.7 or later to resolve the issue. As a temporary workaround, consider disabling the Markdown Preview Plus extension until a patch is available. Restrict access to uploading and displaying crafted files to minimize the risk of exploitation.