CVE-2020-28459

Name of the Vulnerable Software and Affected Versions markdown-it-decorate versions prior to a fixed version (no fixed version available)

Description The issue affects the markdown-it-decorate package, allowing an attacker to add an event handler or use javascript:xxx for the link, potentially leading to cross-site scripting (XSS). This is a type of attack where an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session.

Recommendations For markdown-it-decorate versions prior to a fixed version, at the moment, there is no information about a newer version that contains a fix for this vulnerability.