First published: Sat Jan 29 2022
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Marktext Marktext | <=0.16.3 | |