181 matches found
PT-2023-22023 · Seafile · Seafile
Name of the Vulnerable Software and Affected Versions: Seafile version 9.0.6 Description: An issue allows attackers to inject JavaScript into the Markdown editor in wiki and discussion pages. This is achieved through an XSS issue, which enables the execution of malicious scripts. Recommendations:...
WP Githuber MD < 1.16.3 - Authenticated (Author+) Arbitrary File Upload
Description The WP Githuber MD – WordPress Markdown Editor plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.16.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's...
Inkdrop vulnerable to code injection
Overview Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. T.Nodoka reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a specially crafted...
JVN#48057522: Inkdrop vulnerable to code injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability CWE-94. Impact If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution Update the Software The developer states that Inkdrop has an...
CVE-2023-39703
A cross site scripting XSS vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file...
Cross site scripting
A cross site scripting XSS vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file...
PT-2023-27077 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora version 1.6.7 Description: A cross site scripting XSS issue in the Markdown Editor component allows attackers to execute arbitrary code via uploading a crafted Markdown file. Recommendations: For Typora version 1.6.7, consider disablin...
CVE-2023-39703
CVE-2023-39703 concerns Typora’s Markdown Editor component (Typora v1.6.7). The vulnerability is an XSS issue that allows an attacker to execute arbitrary code by uploading a specially crafted Markdown file. Public references consistently describe a path via the Markdown Editor component, but the...
CVE-2020-19952
Cross Site Scripting XSS vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file...
Markdown Editor Cross-Site Scripting Vulnerability
Markdown Editor is an Electron-based Markdown text editor. A security vulnerability exists in Markdown Editor that stems from a cross-site scripting XSS vulnerability in the Rendering Engine. The vulnerability can be exploited by an attacker to execute arbitrary code by designing a payload or...
PT-2023-11542 · Unknown · Jbt Markdown Editor
Name of the Vulnerable Software and Affected Versions: jbt Markdown Editor versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477 Description: The issue is related to a Cross Site Scripting XSS vulnerability in the Rendering Engine of the jbt Markdown Editor. This vulnerability allows...
CVE-2020-19952
CVE-2020-19952 describes a Cross Site Scripting (XSS) vulnerability in the Rendering Engine of the jbt Markdown Editor up to commit 2252418c27dffbb35147acd8ed324822b8919477. The issue allows remote attackers to execute arbitrary code by presenting a crafted payload or by opening a malicious .md ...
Gin Security Vulnerability
Gin is a small JavaScript Markdown editor built with Electron by Marius Küng, an individual developer. Gin suffers from a security vulnerability that stems from an improperly cleaned filename parameter in the Context.FileAttachment function, which can be exploited by an attacker to modify the...
Gin Markdown Editor 0.7.4 Arbitrary Code Execution
Exploit Title: Gin Markdown Editor v0.7.4 Electron - Arbitrary Code Execution Date: 2023-04-24 Exploit Author: 8bitsec CVE: CVE-2023-31873 Vendor Homepage: https://github.com/mariuskueng/gin Software Link: https://github.com/mariuskueng/gin Version: 0.7.4 Tested on: Mac OS 13 Release Date:...