CVE-2023-2318

Name of the Vulnerable Software and Affected Versions MarkText versions 0.17.1 and before

Description The issue is a DOM-based XSS that allows arbitrary JavaScript code to run in the context of the MarkText main window. This can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. The vulnerability is located in the src/muya/lib/contentState/pasteCtrl.js file.

Recommendations For MarkText versions 0.17.1 and before, consider disabling the paste functionality in the pasteCtrl.js file as a temporary workaround until a patch is available. Restrict access to the contentState module to minimize the risk of exploitation. Avoid using the MarkText application to paste content from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.