First published: Sat Aug 19 2023
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of the MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText.
Credit: info@starlabs.sg
Affected Software | Affected Version | How to fix |
---|---|---|
Marktext Marktext | <=0.17.1 | |
Apple macOS | | |
Linux Linux Kernel | | |
Microsoft Windows | | |
The vulnerability ID for this issue is CVE-2023-2318.
The severity level of CVE-2023-2318 is critical with a severity value of 9.6.
MarkText version 0.17.1 and earlier versions are affected by CVE-2023-2318.
This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText, allowing the execution of arbitrary JavaScript code.
The Linux, macOS, and Windows operating systems themselves are not vulnerable to CVE-2023-2318. Only MarkText version 0.17.1 and earlier, on all of these platforms, is affected.