MarkText 0.17.0 Release Candidate 1

CPE Details

MarkText 0.17.0 Release Candidate 1
marktext
marktext
0.17.0
2022-03-14
13h04 +00:00
2022-04-01
00h11 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:marktext:marktext:0.17.0:rc1:*:*:*:*:*:*

Informations

Vendor

marktext

Product

marktext

Version

0.17.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-2318 2023-08-19 05h43 +00:00 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
9.6
Critique
CVE-2023-1004 2023-02-24 07h56 +00:00 A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.
7.8
Haute