CVE ID:

CVE-2019-9844

Details:

simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.

References:

:https://github.com/Khan/simple-markdown/pull/63
:https://www.npmjs.com/package/simple-markdown/v/0.4.4

ZeroDayLab Assigned Tags:

CROSS SITE SCRIPTING - What is Cross Site Scripting?