Versions of simple-markdown
prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data
or VBScript URIs and a base64-encoded payload.
Upgrade to version 0.4.4 or later.