Disclosure Date 2021/05/26
CVE-2021-20727
Cross-site Scripting in Zettlr
Zettlr における XSS (クロスサイトスクリプティング)
Credit
Eiji Mori (@ei01241)
Affected-Versions
Zettlr: v1.8.8 and earlier
CWE
- CWE-79
Description
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.