ГлавнаяУязвимости → CVE-2021-47840
7.2высокая

CVE-2021-47840

Описание

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.

CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Источники
https://imgur.com/a/UdP4JaXhttps://moeditor.js.org/https://www.exploit-db.com/exploits/49830https://www.vulncheck.com/advisories/moeditor-persistent-cross-site-scriptinghttps://www.vulncheck.com/advisories/moeditor-persistent-cross-site-scripting