Описание
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
Ссылки
- ExploitIssue Tracking
- ExploitThird Party Advisory
- ExploitIssue Tracking
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.17.1 (включая)
Одновременно
cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
8.6 High
CVSS3
9.6 Critical
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 8.6
github
больше 2 лет назад
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
EPSS
Процентиль: 19%
0.00061
Низкий
8.6 High
CVSS3
9.6 Critical
CVSS3
Дефекты
CWE-79
CWE-79