livewire-markdown-editor has arbitrary file upload that allows stored XSS via attachment handler
All versions of mckenziearts/livewire-markdown-editor prior to v1.3 contain a critical arbitrary file upload vulnerability in the MarkdownEditor::updatedAttachments() Livewire handler. The handler calls $file->store() with no server-side validation of MIME type, extension, or file content. Any authenticated user with access to a page embedding <livewire:markdown-editor> can upload files of any type (.html, .svg, .js, .php, .exe, etc.) to the disk configured by livewire-markdown-editor.disk. When that disk is a public cloud bucket …