← back
CVE-2021-47840

Moeditor 0.2.0 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Moeditor · Moeditor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://imgur.com/a/UdP4JaXhttps://moeditor.js.org/https://www.exploit-db.com/exploits/49830https://www.vulncheck.com/advisories/moeditor-persistent-cross-site-scripting