Marktext

marktext

7 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2318 1Marktext 1Marktext Nov 21, 2024 Aug 19, 2023 N/A· v4 9.6 CRITICAL· v3 N/A· v2 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be...Show more DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.Show less
CVE-2023-1004 1Marktext 1Marktext Nov 21, 2024 Feb 24, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to co...Show more A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.Show less
CVE-2022-21158 1Marktext 1Marktext Nov 21, 2024 Mar 10, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on...Show more A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.Show less
CVE-2022-25069 1Marktext 1Marktext Nov 21, 2024 Mar 5, 2022 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteC...Show more Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.Show less
CVE-2022-24123 1Marktext 1Marktext Nov 21, 2024 Jan 29, 2022 N/A· v4 9.0 CRITICAL· v3 6.8 MEDIUM· v2 MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
CVE-2021-29996 1Marktext 1Marktext Nov 21, 2024 Apr 5, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
CVE-2020-27176 1Marktext 1Marktext Nov 21, 2024 Oct 16, 2020 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source...Show more Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.Show less