Every CVE whose affected-product data names Marktext, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-25069 — CVSS 9.6 (critical): Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote…
CVE-2021-29996 — CVSS 9.6 (critical): Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files…
CVE-2022-24123 — CVSS 9.0 (critical): MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md…
CVE-2023-2318 — CVSS 8.6 (high): DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary…
CVE-2020-27176 — CVSS 8.3 (high): Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of…
CVE-2022-21158 — CVSS 5.4 (medium): A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript…
CVE-2023-1004 — CVSS 5.3 (medium): A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown…