Disclosure Date 2021/05/26

CVE-2021-20727

Cross-site Scripting in Zettlr

Zettlr における XSS (クロスサイトスクリプティング)

Credit

Eiji Mori (@ei01241)

Affected-Versions

Zettlr: v1.8.8 and earlier

CWE

CWE-79

Description

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr.

Product-URLs

https://www.zettlr.com/

Reference

https://jvn.jp/en/jp/JVN98239374/index.html
https://github.com/Zettlr/Zettlr
https://www.zettlr.com/post/postmortem-zettlr-first-security-incident

Back

CVE-2021-20727

Credit

Affected-Versions

CWE

Description

Product-URLs

Reference

会社情報

サービス紹介

お問い合わせ