More details

Markdown Formatter Plugin 0.1.0 and earlier parses Markdown with a library that does not escape crafted link target URLs.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.

Markdown Formatter Plugin 0.2.0 uses a different Markdown library that is not affected by this problem.
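The handling a formatter needs for link targets, as an added example (not code from the plugin or from either Markdown library): a minimal Python renderer for inline links that applies a scheme allowlist and attribute escaping before emitting `href`. The names `safe_href` and `render_links`, the allowed schemes and the sample inputs are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed policy for this example; a real formatter would make this configurable.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# Inline link syntax only: [text](target)
LINK = re.compile(r"\[([^\]]*)\]\(([^)]*)\)")
# Browsers ignore tab/CR/LF inside URLs, so a scheme check on the raw string
# can be bypassed; targets containing control characters or spaces are refused.
UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f]")


def safe_href(url):
    """Return an attribute-safe href value, or None if the target is refused."""
    url = url.strip()
    if UNSAFE_CHARS.search(url):
        return None
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    # An empty scheme means a relative URL, which stays on the current origin.
    if scheme and scheme not in ALLOWED_SCHEMES:
        return None
    # Escape quotes and ampersands so the value cannot leave the attribute.
    return html.escape(url, quote=True)


def render_links(markdown):
    """Render inline links; all other text is HTML-escaped and passed through."""
    out, pos = [], 0
    for m in LINK.finditer(markdown):
        out.append(html.escape(markdown[pos:m.start()]))
        text, href = html.escape(m.group(1)), safe_href(m.group(2))
        # A refused target degrades to plain link text instead of an anchor.
        out.append(text if href is None else f'<a href="{href}">{text}</a>')
        pos = m.end()
    out.append(html.escape(markdown[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample descriptions, not taken from the advisory.
    for sample in ("[docs](https://example.com/a?b=1&c=2)",
                   "[x](javascript:x) <b>",
                   '[y](https://example.com/"z)'):
        print(render_links(sample))
```
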

References