Vulnerabilities > Inkdrop > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-46603 Cross-site Scripting vulnerability in Inkdrop 5.4.1
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.
network
low complexity
inkdrop CWE-79
6.1
6.1
2022-09-09 CVE-2022-38639 Cross-site Scripting vulnerability in Inkdrop Markdown Nice 1.8.22
A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.
network
low complexity
inkdrop CWE-79
5.4
5.4