Advisory #15
| Title | Qiita::Markdown cross-site scripting via crafted iframe |
| CVE ID | CVE-2021-28796 |
| Vendor | Increments Inc. |
| Affected product | Qiita::Markdown |
| Affected versions | - 0.32.0 |
| Vulnerability type | CWE-79 (Cross-site Scripting) |
| Description | Qiita::Markdown has a vulnerability that allows cross-site scripting via javascript: URL in iframe |
| Status | Fixed in 0.33.0 |
| Recommendation | Update to 0.33.0 or above |