Vulnerabilities for 'Marktext'

2022-03-10
 
CVE-2022-21158

CWE-79
 

 
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.

 
2022-03-05
 
CVE-2022-25069

CWE-79
 

 
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.

 
2022-01-29
 
CVE-2022-24123

CWE-79
 

 
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.

 
2021-04-05
 
CVE-2021-29996

CWE-79
 

 
Mark Text through 0.16.3 allows attackers to achieve arbitrary command execution. This could lead to Remote Code Execution (RCE) when a user opens a .md file containing a mutation Cross-Site Scripting (XSS) payload.

 


Copyright 2024, cxsecurity.com

 
