XSS in Leandrocp Mdex

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to_delta/2 converts Markdown into a Quill Delta…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Leandrocp Mdex — versions 0.8.3, 9852db2456fdc9d856eb636603a7f608e22e3793

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)