CVE-2020-19697

Name of the Vulnerable Software and Affected Versions Pandao Editor.md version 1.5.0

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script in the <iframe> src parameter. This enables the attacker to inject malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations For Pandao Editor.md version 1.5.0, consider disabling the use of the <iframe> src parameter until a patch is available to prevent exploitation of this issue. Restrict access to the Editor.md functionality to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.