Version of MathJax used by extension is vulnerable to XSS attack.

[ktchu]

A known XSS vulnerability exists in versions of MathJax prior to 2.7.4.

https://www.cvedetails.com/cve/CVE-2018-1999024/

From the source code, it looks like MathJax is 2.7.2 is currently being used.

[simov]

Thanks, didn't know that, I'll have to update it on next release.

[simov]

MathJax was updated to v2.7.9 in v4.0 of the extension.