DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.
References
Link | Resource |
---|---|
https://github.com/marktext/marktext/issues/3618 | Exploit Issue Tracking |
https://starlabs.sg/advisories/23/23-2318/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 Aug 2023, 14:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:* |
|
References | (MISC) https://starlabs.sg/advisories/23/23-2318/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/marktext/marktext/issues/3618 - Exploit, Issue Tracking | |
CWE | CWE-79 | |
First Time |
Linux
Microsoft Marktext Apple Apple macos Linux linux Kernel Marktext marktext Microsoft windows |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
19 Aug 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-19 06:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-2318
Mitre link : CVE-2023-2318
CVE.ORG link : CVE-2023-2318
JSON object : View
Products Affected
linux
- linux_kernel
marktext
- marktext
microsoft
- windows
apple
- macos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')