CVE-2020-27176

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.

CVSS v3 9.6 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/marktext/marktext/issues/2360	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-16 05:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-27176

Mitre link : CVE-2020-27176

CVE.ORG link : CVE-2020-27176

JSON object : View

Products Affected

marktext

marktext

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2020-27176", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2020-10-16T05:15:11.910", "references": [{"url": "https://github.com/marktext/marktext/issues/2360", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the \"source code mode\" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product."}, {"lang": "es", "value": "La mutaci\u00f3n XSS se presenta en Mark Text versiones hasta 0.16.2, que conlleva a una Ejecuci\u00f3n de C\u00f3digo Remota. NOTA: esto podr\u00eda ser considerado un duplicado del CVE-2020-26870; sin embargo, tambi\u00e9n puede ser considerado un problema en el dise\u00f1o de la funcionalidad \"source code mode\", que analiza HTML aunque el soporte HTML no es uno de los roles principales anunciados del producto"}], "lastModified": "2020-10-26T17:10:12.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA133919-B076-4F1F-9593-E77391119BC4", "versionEndIncluding": "0.16.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}