3 matches found
CVE-2021-26835
No filtering of cross-site scripting XSS payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
Cross site scripting
No filtering of cross-site scripting XSS payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
CVE-2021-26835
CVE-2021-26835 affects Zettlr 1.8.7, where the markdown-editor lacks filtering of XSS payloads, enabling remote code execution via a crafted file. The issue is tied to the editor component, with the root cause described as insufficient input sanitization. Impact described as remote code execution...