Every CVE whose affected-product data names Zettlr, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-20727 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or…
CVE-2021-26835 — CVSS 6.1 (medium): No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code…
CVE-2022-40276 — CVSS 5.5 (medium): Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious…