5 matches found
CVE-2021-47840
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...
CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
PT-2026-3297
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...
CVE-2024-33300
Typora v1.0.0 through v1.7 version below Markdown editor has a cross-site scripting XSS vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files...
Renato 跨站脚本漏洞
Renato is an open source knowledge base platform that uses static Markdown files to power your knowledge base. A security vulnerability exists in Renato version v0.17.0, which originates from an attacker with local access rights can upload a markdown file with malicious JavaScript that can be...