Cross-Site Scripting Vulnerability in Mark Text by Mark Text
CVE-2020-27176

8.3HIGH

Key Information:

Vendor: Marktext
Status: Marktext
Vendor: CVE Published:; 16 October 2020

What is CVE-2020-27176?

The vulnerability in Mark Text allows for a Mutation Cross-Site Scripting (XSS) attack that can lead to Remote Code Execution. This issue arises from the design flaw in the 'source code mode' feature, which improperly parses HTML. Even though HTML rendering is not a primary function of the software, its existence creates a significant security risk, enabling potential exploitation through crafted input.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/marktext/marktext/issues/2360

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2020
Vulnerability Reserved
Oct 16, 2020

JSON

Marktext

What is CVE-2020-27176?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.