simple-markdown.js in Khan Academy simple-markdown prior to 0.4.4 allows XSS via a data: or vbscript: URI.
khanacademy simple-markdown
fedoraproject fedora 30
Vulmon