CVE-2020-8548

CVE-2020-8548

EPSS 1.4%

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/antonreshetov/massCode/issues/43 https://github.com/antonreshetov/massCode/issues/44