Skip to main content

Marktext

6 CVEs product

Monthly

CVE-2023-2318 CRITICAL POC Act Now

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple XSS Microsoft Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-1004 HIGH POC This Week

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Microsoft Marktext
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-21158 MEDIUM This Month

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Marktext
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25069 CRITICAL POC PATCH Act Now

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
1.8%
CVE-2021-29996 CRITICAL POC Act Now

Mark Text through 0.16.3 allows attackers arbitrary command execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
2.8%
CVE-2020-27176 CRITICAL POC Act Now

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
1.9%
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple XSS Microsoft +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Microsoft +1
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Marktext
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC PATCH Act Now

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Marktext
NVD GitHub
EPSS 3% CVSS 9.6
CRITICAL POC Act Now

Mark Text through 0.16.3 allows attackers arbitrary command execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Marktext
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL POC Act Now

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Marktext
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy