CVE-2021-20727

Cross-site Scripting in Zettlr (Zettlr における XSS (クロスサイトスクリプティング))

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

Disclosure Date

2021/05/26

Credit

Eiji Mori (@ei01241)

Affected-Versions

Zettlr: v1.8.8 and earlier

CWE

CWE-79

Product-URLs

https://www.zettlr.com/

Reference

https://jvn.jp/en/jp/JVN98239374/index.html
https://github.com/Zettlr/Zettlr
https://www.zettlr.com/post/postmortem-zettlr-first-security-incident

Back

Cross-site Scripting in Zettlr (Zettlr における XSS (クロスサイトスクリプティング))

Disclosure Date

Credit

Affected-Versions

CWE

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ