Lucene search

Japan Vulnerability NotesJVN:89524240

HistoryMar 03, 2022 - 12:00 a.m.

JVN#89524240: MarkText vulnerable to cross-site scripting

2022-03-0300:00:00

Japan Vulnerability Notes

jvn.jp

marktext

vulnerable

cross-site scripting

cwe-79

update

software

version 0.17.0

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

27.8%

JSON

MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability (CWE-79).

Impact

An arbitrary script may be executed on the PC of the user using the product.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

MarkText versions prior to v0.17.0

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

27.8%

JSON

Related for JVN:89524240