the editor has XSS vulnerability
payload:
</a>
<svg><animate onbegin=alert(11) attributeName=x dur=1s>
Open the editorhttps://ld246.com/guide/markdown, enter the payload, and trigger the XSS vulnerability
demo pic : https://drive.google.com/file/d/1fl07CUXSS0DyvjtuftslMnyr2uG_Z8F7/view?usp=sharing
This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie.