PT-2022-14890 · Marktext · Marktext
Eiji Mori
·
Published
2022-03-07
·
Updated
2022-03-15
·
CVE-2022-21158
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
marktext versions prior to v0.17.0
Description
A stored cross-site scripting issue due to improper handling of links with the
javascript: scheme inside documents may allow an attacker to execute arbitrary scripts on a user's PC.Recommendations
For marktext versions prior to v0.17.0, update to version v0.17.0 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Marktext