DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
References
Link | Resource |
---|---|
https://github.com/marktext/marktext/issues/3618 | Exploit Issue Tracking |
https://starlabs.sg/advisories/23/23-2318/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-08-19T05:43:56.387Z
Updated: 2023-08-19T05:43:56.387Z
Reserved: 2023-04-27T04:51:16.289Z
Link: CVE-2023-2318
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-19T06:15:46.883
Modified: 2023-08-24T14:36:07.020
Link: CVE-2023-2318
JSON object: View
Redhat Information
No data.
CWE