CVE-2022-25069

Name of the Vulnerable Software and Affected Versions Mark Text version 0.16.3

Description A DOM-based cross-site scripting (XSS) issue allows attackers to perform remote code execution (RCE) by injecting a crafted payload into /lib/contentState/pasteCtrl.js. This enables attackers to execute malicious code remotely.

Recommendations For Mark Text version 0.16.3, consider disabling the /lib/contentState/pasteCtrl.js module until a patch is available to prevent remote code execution. Restrict access to this module to minimize the risk of exploitation. Avoid using the affected module in the /lib/contentState/pasteCtrl.js file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.