CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 2CVE-2023-2318 – MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-2318
19 Aug 2023 — DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. Cross-Site Scripting (XSS) basado en DOM en src/muya/lib/contentState/pasteCtrl.js de MarkText 0.17.1. y anteriores en Windows, Linux y macOS permite ejecutar código JavaScript arbitrario en el contexto de l... • https://github.com/marktext/marktext/issues/3618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-1004 – MarkText WSH JScript code injection
https://notcve.org/view.php?id=CVE-2023-1004
24 Feb 2023 — A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://github.com/marktext/marktext/issues/3575 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21158
https://notcve.org/view.php?id=CVE-2022-21158
07 Mar 2022 — A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext. Una vulnerabilidad de tipo cross-site scripting almacenada en marktext versiones anteriores a la v0.17.0 debido a un manejo inapropiado del enlace (con esquema javascript:) dentro del documento puede permitir a un atacante ejecutar un script arbitrario en ... • https://github.com/marktext/marktext/releases/tag/v0.17.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25069
https://notcve.org/view.php?id=CVE-2022-25069
05 Mar 2022 — Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js. Se ha detectado que Mark Text versión v0.16.3, contiene una vulnerabilidad de tipo cross-site scripting (XSS) basada en el DOM que permite a atacantes llevar a cabo una ejecución de código remota (RCE) por medio de una inyección de una carga útil diseñada en /lib/contentState/pasteCt... • https://github.com/marktext/marktext/issues/2990 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-24123
https://notcve.org/view.php?id=CVE-2022-24123
29 Jan 2022 — MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload. MarkText versiones hasta 0.16.3 no sanea la entrada de un bloque de sirena antes de renderizarlo. Esto podría conllevar a una Ejecución de Código Remota por medio de un archivo .md que contenga una carga útil mutada de tipo Cross-Site Scripting (XSS) • https://github.com/marktext/marktext/issues/2946 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 1CVE-2021-29996
https://notcve.org/view.php?id=CVE-2021-29996
05 Apr 2021 — Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. Mark Text versiones hasta 0.16.3, permite a atacantes ejecutar comandos de forma arbitraria. Esto podría conllevar a una Ejecución de Código Remota (RCE) al abrir archivos .md que contienen una carga útil de mutación de tipo Cross Site Scripting (XSS) • https://github.com/marktext/marktext/issues/2548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27176
https://notcve.org/view.php?id=CVE-2020-27176
16 Oct 2020 — Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. La mutación XSS se presenta en Mark Text versiones hasta 0.16.2, que conlleva a una Ejecución de Código Remota. NOTA: esto podría ser considerado un duplicado del CV... • https://github.com/marktext/marktext/issues/2360 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •