EPSS
Percentile
51.0%
simple-markdown is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via Data or Vbscript URIs, e.g data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==
Data
Vbscript
data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==
github.com/Khan/simple-markdown/pull/63