simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
Source: NIST
CVE-2019-9844 (fedora, simple-markdown)
Security in mind
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
Source: NIST
CVE-2019-9844 (fedora, simple-markdown)