CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

46 matches found

Vulnrichment•added 2023/08/19 5:43 a.m.•7 views

CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into...

8.6CVSS6.2AI score0.00485EPSS

Exploits1References2

Cvelist•added 2023/08/19 5:43 a.m.•19 views

CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

8.6CVSS8.8AI score0.00485EPSS

Exploits1References2

CNNVD•added 2023/08/19 12:0 a.m.•4 views

MarkText 跨站脚本漏洞

MarkText is a simple and elegant open source Markdown editor focused on speed and usability. A security vulnerability exists in MarkText version 0.17.1, originating in the src/muya/lib/contentState/pasteCtrl.js file, which can be exploited by copying and pasting text from a malicious web page int...

9.6CVSS8.4AI score0.00485EPSS

Exploits1References3

OSV•added 2023/02/24 8:15 a.m.•5 views

CVE-2023-1004

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...

7.8CVSS7.4AI score

Exploits0References3

NVD•added 2023/02/24 8:15 a.m.•15 views

CVE-2023-1004

7.8CVSS6.5AI score0.00376EPSS

Exploits1References3

Prion•added 2023/02/24 8:15 a.m.•27 views

Code injection

4.3CVSS8AI score0.00376EPSS

Exploits1References3Affected Software1

CVE•added 2023/02/24 7:56 a.m.•50 views

CVE-2023-1004

MarkText up to version 0.17.1 on Windows is affected by CVE-2023-1004, with a vulnerability in the WSH JScript Handler that enables code injection. The issue requires local access and has publicly disclosed exploit information. The advisory lists update to a version later than 0.17.1 as the remed...

7.8CVSS6.5AI score0.00376EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2023/02/24 7:56 a.m.•7 views

CVE-2023-1004 MarkText WSH JScript code injection

5.3CVSS7.5AI score0.00376EPSS

Exploits1References3

Cvelist•added 2023/02/24 7:56 a.m.•19 views

CVE-2023-1004 MarkText WSH JScript code injection

5.3CVSS8.2AI score0.00376EPSS

Exploits1References3

CNNVD•added 2023/02/24 12:0 a.m.•3 views

MarkText 代码注入漏洞

MarkText is a simple and elegant open source Markdown editor focused on speed and usability. A code injection vulnerability exists in MarkText version 0.17.1 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary code...

7.8CVSS6.5AI score0.00376EPSS

Exploits1References4

Positive Technologies•added 2023/02/24 12:0 a.m.•4 views

PT-2023-16681 · Microsoft +1 · Wsh Jscript Handler +1

Name of the Vulnerable Software and Affected Versions: MarkText versions up to 0.17.1 Description: A critical vulnerability has been found in MarkText, affecting an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection, requiring local access to...

7.8CVSS7.3AI score0.00376EPSS

Exploits1References8

OSV•added 2022/03/10 5:45 p.m.•27 views

CVE-2022-21158

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...

5.4CVSS6.2AI score

Exploits0References2

NVD•added 2022/03/10 5:45 p.m.•21 views

CVE-2022-21158

5.4CVSS0.00514EPSS

Exploits0References2

Prion•added 2022/03/10 5:45 p.m.•10 views

Cross site scripting

3.5CVSS5.3AI score0.00514EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/03/07 9:0 a.m.•15 views

CVE-2022-21158

5.5AI score0.00514EPSS

Exploits0References2

CVE•added 2022/03/07 9:0 a.m.•105 views

CVE-2022-21158

CVE-2022-21158 is a stored XSS flaw in MarkText, affecting versions prior to 0.17.0. The issue stems from improper handling of links using the javascript: scheme inside documents, enabling an attacker to execute arbitrary scripts on a user’s PC. The vulnerability is addressed by updating to v0.17...

5.4CVSS5.3AI score0.00514EPSS

Exploits0References2Affected Software1

CNVD•added 2022/03/07 12:0 a.m.•15 views

MarkText Cross-Site Scripting Vulnerability

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...

3.5CVSS3.4AI score0.00514EPSS

Exploits0Affected Software1

Japan Vulnerability Notes•added 2022/03/03 12:0 a.m.•41 views

JVN#89524240: MarkText vulnerable to cross-site scripting

MarkText is a Markdown editor. MarkText contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the PC of the user using the product. Solution Update the Software Update the software to the latest version according to the information provided by the...

5.4CVSS5.3AI score0.00514EPSS

Exploits0

CNNVD•added 2022/03/03 12:0 a.m.•4 views

MarkText 跨站脚本漏洞

5.4CVSS5.6AI score0.00514EPSS

Exploits0References5

ATTACKERKB•added 2022/01/29 11:15 p.m.•1 views

CVE-2022-24123

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting XSS payload...

9CVSS5.5AI score0.01822EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by