Vulnerability Details CVE-2017-6589
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-6589
-
cpe:2.3:a:epiceditor_project:epiceditor:0.0.3
-
cpe:2.3:a:epiceditor_project:epiceditor:0.1.0
-
cpe:2.3:a:epiceditor_project:epiceditor:0.1.1
-
cpe:2.3:a:epiceditor_project:epiceditor:0.1.1.1
-
cpe:2.3:a:epiceditor_project:epiceditor:0.2.0
-
cpe:2.3:a:epiceditor_project:epiceditor:0.2.1
-
cpe:2.3:a:epiceditor_project:epiceditor:0.2.1.1
-
cpe:2.3:a:epiceditor_project:epiceditor:0.2.2
-
cpe:2.3:a:epiceditor_project:epiceditor:0.2.3