9.8CVSS
9.6AI Score
0.014EPSS
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
9.8CVSS
9.4AI Score
0.011EPSS
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.
9.6CVSS
8.9AI Score
0.002EPSS