A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0, caused by improper handling of links with the javascript: scheme inside a document, may allow an attacker to execute an arbitrary script on the PC of a user running marktext.
References
| Link | Resource |
|---|---|
| https://github.com/marktext/marktext/releases/tag/v0.17.0 | Release Notes, Third Party Advisory |
| https://jvn.jp/en/jp/JVN89524240/index.html | Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2022-03-07T09:00:35
Updated: 2022-03-07T09:00:35
Reserved: 2022-02-17T00:00:00
Link: CVE-2022-21158
NVD Information
Status: Analyzed
Published: 2022-03-10T17:45:09.703
Modified: 2022-03-15T19:59:04.483
Link: CVE-2022-21158
Redhat Information
No data.