← voltar
CVE-2021-47840

Moeditor 0.2.0 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.4%CWE-79
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Moeditor · Moeditor

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://imgur.com/a/UdP4JaXhttps://moeditor.js.org/https://www.exploit-db.com/exploits/49830https://www.vulncheck.com/advisories/moeditor-persistent-cross-site-scripting