English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Marktext Marktext 0.16.1

CPE Details

Marktext Marktext 0.16.1
marktext
marktext
0.16.1
2020-11-05 18:10 +00:00
2020-11-05 18:10 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:marktext:marktext:0.16.1:*:*:*:*:*:*:*

Informations

Vendor

marktext

Product

marktext

Version

0.16.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-2318 2023-08-19 05:43 +00:00 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
9.6
CRITICAL
CVE-2023-1004 2023-02-24 07:56 +00:00 A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.
7.8
HIGH
CVE-2022-21158 2022-03-07 08:00 +00:00 A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.
5.4
MEDIUM
CVE-2022-24123 2022-01-29 21:53 +00:00 MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
9
CRITICAL
CVE-2021-29996 2021-04-05 05:32 +00:00 Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.
9.6
CRITICAL
CVE-2020-27176 2020-10-16 02:28 +00:00 Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.
9.6
CRITICAL

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.