Unrated severityNVD Advisory· Published Jan 11, 2023· Updated Apr 8, 2025

XSS in Caret markdown editor leads to remote code execution when viewing crafted Markdown files

CVE-2022-42967

Description

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.

Affected products

Careteditor/Caretv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

research.jfrog.com/vulnerabilities/caret-xss-rce/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000