CVE-2022-25069

Published March 5th, 2022

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.

marktext/marktext

📝A simple and elegant markdown editor, available for Linux, macOS and Windows.

GitHub

57.9K