CVE-2022-24123
Published
CVSS v3
9
CRITICAL
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.
📝A simple and elegant markdown editor, available for Linux, macOS and Windows.
GitHub