VYPR
Unrated severityNVD Advisory· Published Aug 19, 2023· Updated Oct 7, 2024

MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

CVE-2023-2318

Description

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Marktext/Marktextllm-fuzzy2 versions
    <=0.17.1+ 1 more
    • (no CPE)range: <=0.17.1
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.