XSS Vulnerability on Image link parser
Severity: High
Vulnerability Details
I found an XSS (Cross-Site Scripting) vulnerability, and it is present in the markdown parser when it tries to parse an image URL.
To reproduce the vulnerability you need to add a crafted image URL such as:
http://host/path/to/image'onerror=alert(1);//.png
As you can see, this is an invalid image URL that ends with an image extension (PNG), so it passes the parser's extension check. Because the parser inserts the URL into a single-quoted attribute of the generated "img" tag, the ' in the URL closes that attribute early and lets custom attributes be appended, which allows arbitrary JavaScript to run in the page. A malicious user could use the $.getScript function to load a malicious script.
If you need more information about the vulnerability, please, feel free to reply.
Report Stats
- Report ID: 191909
- State: Closed
- Substate: resolved
- Upvotes: 14