Vulnerabilities > Marktext

DATE CVE VULNERABILITY TITLE RISK
2023-08-19 CVE-2023-2318 Cross-site Scripting vulnerability in Marktext
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window.
network
low complexity
marktext CWE-79
critical
 9.6
9.6
2023-02-24 CVE-2023-1004 Code Injection vulnerability in Marktext
A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical.
local
low complexity
marktext CWE-94
7.8
7.8
2022-03-10 CVE-2022-21158 Cross-site Scripting vulnerability in Marktext
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.
network
low complexity
marktext CWE-79
5.4
5.4
2022-03-05 CVE-2022-25069 Cross-site Scripting vulnerability in Marktext 0.16.3
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.
network
low complexity
marktext CWE-79
critical
 9.6
9.6
2022-01-29 CVE-2022-24123 Cross-site Scripting vulnerability in Marktext
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering.
network
low complexity
marktext CWE-79
critical
 9.0
9.0
2021-04-05 CVE-2021-29996 Cross-site Scripting vulnerability in Marktext
Mark Text through 0.16.3 allows attackers arbitrary command execution.
network
low complexity
marktext CWE-79
critical
 9.6
9.6
2020-10-16 CVE-2020-27176 Cross-site Scripting vulnerability in Marktext
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution.
network
low complexity
marktext CWE-79
critical
 9.6
9.6