CVE-2021-47836

Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Produtos afetados

jersou · Markdown Explorer

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/jersou/markdown-explorer https://imgur.com/a/w4bcPWs https://www.exploit-db.com/exploits/49826 https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting