24 matches found
CVE-2021-47839
A flaw was found in Marky. This persistent cross-site scripting (XSS) vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...
CVE-2021-47839
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47839 Marky 0.0.1 - Persistent Cross-Site Scripting
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47839 Marky 0.0.1 - Persistent Cross-Site Scripting
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47839
CVE-2021-47839 concerns Marky 0.0.1, where a persistent cross-site scripting (XSS) flaw allows attackers to inject and store JavaScript in uploaded markdown files. When such files are opened, embedded scripts can execute, potentially enabling remote code execution. The provided documents describe...
Marky security vulnerabilities
Marky is a Markdown editor developed by Alessandro Arnodo of Switzerland. Version 0.0.1 of Marky contains a security vulnerability; this vulnerability stems from allowing malicious scripts to be injected into Markdown files, potentially leading to remote code execution...
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...
CVE-2022-26205
CVE-2022-26205 is associated with the Marky project. The vulnerability is a remote code execution (RCE) via the Display text fields, allowing an attacker to inject a crafted payload to execute arbitrary code. Red Hat and other records corroborate the RCE via Marky commit 3686565726c65756e. Exploi...
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload...
Marky injection vulnerability
Marky is a Markdown editor by Alessandro Arnodo, a Swiss individual developer. Marky suffers from an injection vulnerability that allows an attacker to execute arbitrary code by injecting a carefully crafted attack payload...
Marky 0.0.1 Cross Site Scripting / Code Execution
Exploit Title: Marky 0.0.1 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software...
Marky 0.0.1 - Persistent Cross-Site Scripting
Exploit Title: Marky 0.0.1 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an...
Marky 0.0.1 - XSS to Remote Command Execution Vulnerability
Exploit Title: Marky 0.0.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an editor for markdown with a friendly...
GHSA-PXMP-FWJC-4X7Q HTML Injection in marky-markdown
All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...
HTML Injection in marky-markdown
All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...
@clue/webpack-polyfills-plugin (=0.0.9), @helpdotcom/help-gen (=1.0.0) +39 more potentially affected by unknown CVE via marky-markdown (>=11.3.2 <=9.0.3)
marky-markdown NPM version =11.3.2, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.7.3-alpha, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.34, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PXMP-FWJC-4X7Q...
GHSA-MG69-6J3M-JVGW HTML Injection in marky-markdown
All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation This package is no longer maintained. Please upgrade to...
HTML Injection in marky-markdown
All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation This package is no longer maintained. Please upgrade to...
@clue/webpack-polyfills-plugin (=0.0.9), @helpdotcom/help-gen (=1.0.0) +39 more potentially affected by unknown CVE via marky-markdown (>=11.3.2 <=9.0.3)
marky-markdown NPM version =11.3.2, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.7.3-alpha, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.34, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-MG69-6J3M-JVGW...