CVE-2021-47837

Markdownify 1.2.0 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

amitmerchant1990 · Markdownify

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/amitmerchant1990/electron-markdownify https://imgur.com/a/T4jBoiS https://www.exploit-db.com/exploits/49835 https://www.vulncheck.com/advisories/markdownify-persistent-cross-site-scripting