181 matches found
CVE-2021-26835
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
Zettlr Cross-Site Scripting Vulnerability
Zettlr is one of the most comprehensive editors for professional editing of Markdown files. Zettlr 1.8.7 suffers from a cross-site scripting vulnerability that stems from the lack of cross-site scripting (XSS) payload filtering in the markdown editor. An attacker can exploit this vulnerability to...
Marky 0.0.1 Cross Site Scripting / Code Execution
Exploit Title: Marky 0.0.1 XSS to RCE | Exploit Author: TaurusOmar | Twitter: @TaurusOmar | HomePage: taurusomar.com | Date: May 4th, 2021 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Risk: High 8.8 | Vendor Homepage: https://github.com/vesparny/marky | Version: 0.0.1 | Tested on: Linux, MacOs, Windows | Software...
Markright 1.0 - Persistent Cross-Site Scripting
Exploit Title: Markright 1.0 - Persistent Cross-Site Scripting | Exploit Author: TaurusOmar | Date: 04/05/2021 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Risk: High 8.8 | Vendor Homepage: https://github.com/dvcrn/markright | Version: 1.0 | Tested on: Linux, MacOs, Windows | Software Description: A minimalis...
CVE-2021-29474
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
Path traversal
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-29474 Relative Path Traversal Attack on note creation
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
Cross-site Scripting (XSS)
Overview: ngx-markdown-editor is an Angular markdown editor based on ace editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The vulnerability can be exploited when previewing the Markdown content. Details: Cross-site scripting or XSS is a code vulnerability that...
Cross-site Scripting (XSS)
Overview: ngx-markdown-editor is an Angular markdown editor based on ace editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown editor. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious scri...
Markright has a command execution vulnerability
Markright is a Markdown editor with live preview support. A command execution vulnerability exists in markright, which can be exploited by an attacker to execute malicious commands...
CVE-2020-11051
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor who also has write access loads the same page into the Markdown editor, the XSS payload will be...
CVE-2020-11051
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor who also has write access loads the same page into the Markdown editor, the XSS payload will be...
Cross site scripting
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor who also has write access loads the same page into the Markdown editor, the XSS payload will be...
CVE-2020-11051
CVE-2020-11051 : Wiki.js before 2.3.81 has a stored XSS in the Markdown editor. An editor with write access can inject payloads into content; when another editor loads the same page in the Markdown editor, the payload can execute in the preview panel. The HTML sanitization strips the payload in r...
CVE-2020-11051 XSS in Wiki.js
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor who also has write access loads the same page into the Markdown editor, the XSS payload will be...
libtool (>=0.0.2 <=1.1.0), pycellga (>=0.1.0 <=0.3.0) potentially affected by unknown CVE via markdown-editor (=1.0.7)
markdown-editor PyPI version =1.0.7 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-editor and may be impacted: libtool (>=0.0.2 <=1.1.0), pycellga (>=0.1.0 <=0.3.0). Source CVEs: unknown CVE. Source advisory: SNYK:PYTHON-MARKDOWNEDITOR-559226...
Cross-site Scripting (XSS)
Overview: Markdown-Editor is a standalone editor for your local markdown files. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Markdown and HTML provided to the editor is written as HTML within markdownedit.js without any output encoding. PoC by Snyk Security Team...
CVE-2018-19658
The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This behavior may be encountered by some Evernote users; however, it is a vulnerability in YXBJ, not a vulnerability in Evernote...
CVE-2018-19658
The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This behavior may be encountered by some Evernote users; however, it is a vulnerability in YXBJ, not a vulnerability in Evernote...
Cross-site Scripting (XSS)
Overview: @toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). JavaScript inserted into the editor is not sanitized by the library. PoC " src=x onerror="alert1" alert1" alert1" alert1" Details: Cross-site scripting or XSS i...