Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.
References
Link | Resource |
---|---|
https://github.com/marktext/marktext/issues/2360 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-16T04:28:11
Updated: 2020-10-16T04:28:11
Reserved: 2020-10-16T00:00:00
Link: CVE-2020-27176
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-16T05:15:11.910
Modified: 2020-10-26T17:10:12.290
Link: CVE-2020-27176
JSON object: View
Redhat Information
No data.
CWE