CVE-2020-19952

Name of the Vulnerable Software and Affected Versions jbt Markdown Editor versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477

Description The issue is related to a Cross Site Scripting (XSS) vulnerability in the Rendering Engine of the jbt Markdown Editor. This vulnerability allows remote attackers to execute arbitrary code via a crafted payload or by opening a malicious .md file.

Recommendations For versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477, consider disabling the Rendering Engine feature until a patch is available. Restrict access to malicious .md files to minimize the risk of exploitation. Avoid using crafted payloads in the affected Rendering Engine until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.