← back
CVE-2021-47836

Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
jersou · Markdown Explorer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jersou/markdown-explorerhttps://imgur.com/a/w4bcPWshttps://www.exploit-db.com/exploits/49826https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting