exploitDog

CVE-2025-60312

Опубликовано: 07 окт. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button.

Ссылки

https://github.com/ChuckBartowski7/Vulnerability-Research/blob/main/CVE-2025-60312/README.md
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/18295/markdown-html-converter-using-php-and-javascript-source-code.html
Product
https://github.com/ChuckBartowski7/Vulnerability-Research/blob/main/CVE-2025-60312/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rems:markdown_to_html_converter:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00089

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vmv5-whxc-fr99

CVSS3: 6.1

github

4 месяца назад

Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button.

EPSS

Процентиль: 25%

0.00089

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79