SimpleMDE has a vulnerability that potentially allows to enter scripts in reviews; See their issue #721. However, it seems to have been abandoned by its creator in 2016. It should be replaced by an actively maintained Markdown editor.