PT-2025-52319 · Unknown · Codigo Markdown Editor
8Bitsec · Published 2025-12-18 · Updated 2025-12-19 · CVE-2023-53940
CVSS v4.0: 8.4 High
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Codigo Markdown Editor version 1.0.1
Description
The software contains a code execution issue that permits attackers to execute arbitrary system commands by creating a malicious markdown file. An attacker can embed a video source with an onerror event, which then executes shell commands using the Node.js child process module when the file is opened. The vulnerable component is the handling of markdown files. The onerror event is exploited to trigger the execution of commands.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
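With no fixed version listed, one way to screen markdown files before opening them is to flag raw HTML tags that carry inline event-handler attributes such as the onerror described above. This is an added example, not code from the advisory or from the Codigo project; the helper names and the sample document are constructed for illustration.

```javascript
// Added example: screen a markdown file for raw HTML tags with inline event handlers.
// findEventHandlers and fencedLines are hypothetical helper names; SAMPLE is constructed.
// Heuristic screen, not a sanitizer: malformed tags (e.g. unterminated quotes) are not parsed.

// An opening tag: name, then attributes whose quoted values may contain '>'.
const TAG_RE = /<([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// One attribute: name, then an optional =value (quoted or unquoted).
const ATTR_RE = /([^\s"'<>\/=]+)(\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;

// Line numbers (1-based) that sit inside ``` or ~~~ fenced code blocks.
function fencedLines(lines) {
  const fenced = new Set();
  let open = null; // fence character of the block currently open, if any
  lines.forEach((line, i) => {
    const m = /^\s{0,3}(`{3,}|~{3,})/.exec(line);
    if (open === null && m) { open = m[1][0]; fenced.add(i + 1); }
    else if (open !== null) {
      fenced.add(i + 1);
      if (m && m[1][0] === open) open = null;
    }
  });
  return fenced;
}

// Returns one finding per on* attribute that has a value. Findings inside a
// fence are still reported (inFence: true) so a reviewer can decide.
function findEventHandlers(markdown) {
  const fenced = fencedLines(markdown.split(/\r?\n/));
  const findings = [];
  for (const tag of markdown.matchAll(TAG_RE)) {
    const line = markdown.slice(0, tag.index).split("\n").length;
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      if (attr[2] !== undefined && /^on[a-z]+$/.test(name)) {
        findings.push({ line, tag: tag[1].toLowerCase(), attribute: name, inFence: fenced.has(line) });
      }
    }
  }
  return findings;
}

// Constructed sample document; the handler body is deliberately a placeholder.
const SAMPLE = [
  "# Notes", "",
  '<video><source onerror="/* handler body omitted */"></video>', "",
  "```html", '<img src="a.png" onload="x()">', "```",
  'Plain text mentioning onerror and <b title="on sale">bold</b>.',
].join("\n");

console.log(findEventHandlers(SAMPLE));
```

A finding with `inFence: false` marks HTML that a renderer passing raw HTML through would treat as live markup.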
Exploit
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Codigo Markdown Editor