exploitDog

CVE-2022-21158

Опубликовано: 10 мар. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.

Ссылки

https://github.com/marktext/marktext/releases/tag/v0.17.0
Release Notes
Third Party Advisory
https://jvn.jp/en/jp/JVN89524240/index.html
Third Party Advisory
VDB Entry
https://github.com/marktext/marktext/releases/tag/v0.17.0
Release Notes
Third Party Advisory
https://jvn.jp/en/jp/JVN89524240/index.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*

Версия до 0.17.0 (исключая)

EPSS

Процентиль: 42%

0.00195

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xfpv-q4q6-7j43

CVSS3: 5.4

github

почти 4 года назад

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.

EPSS

Процентиль: 42%

0.00195

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79