Disclosure Date 2022/03/02

CVE-2022-21158

Cross-site Scripting in MarkText

MarkText における XSS (クロスサイトスクリプティング)

Credit

Eiji Mori (@ei01241)

Affected-Versions

Marktext: v0.16.3 and earlier, Fixed in v0.17.0

CWE

  • CWE-79

Description

MarkText contains a cross-site scripting vulnerability, which causes execution of arbitrary script upon opening the Markdown file from the application.

Product-URLs

Back