181 matches found
EUVD-2022-28588
Malicious code in bioql PyPI...
EUVD-2021-33055
Malicious code in bioql PyPI...
EUVD-2023-0798
Malicious code in bioql PyPI...
CVE-2025-51691
CVE-2025-51691 affects MarkTwo (Markdown editor). The issue is an XSS vulnerability in the editor interface where user-supplied Markdown is not properly sanitized before rendering, enabling remote code execution in the victim’s browser via crafted input. Impact includes potential session hijackin...
MarkText security vulnerability
MarkText is an open source Markdown file editor from MarkText. A security vulnerability exists in MarkText 0.17.1 and earlier versions, which stems from inefficient regular expression complexity in the function getRecommendTitleFromMarkdownString in the file marktext/src/main/utils/index.js...
CVE-2024-33300
The Typora Markdown editor, v1.0.0 through v1.7, has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files...
CVE-2023-39703
A cross-site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file...
CVE-2022-23637
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
CVE-2021-29474
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-39393
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor...
CVE-2020-19952
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file...
CVE-2020-11051
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor with write access as well loads the same page into the Markdown editor, the XSS payload will be...
CVE-2018-19658
The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This behavior may be encountered by some Evernote users; however, it is a vulnerability in YXBJ, not a vulnerability in Evernote...
CVE-2025-31165
CVE-2025-31165 is an XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2, specifically through the markdown editor feature. The description states that attackers can execute JavaScript via this editor. The CVSS metrics included indicate a base score of 6.9 (Me...
NightWolf Penetration Testing Platform cross-site scripting vulnerability
NightWolf Penetration Testing Platform is an open source cybersecurity testing tool from NightWolf designed for red teams and penetration testers for vulnerability exploitation, elevation of privilege and lateral movement testing. A security vulnerability exists in NightWolf Penetration Testing...
CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...
CVE-2024-41482
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component...
CVE-2024-41481
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component...