Vulnerability Details CVE-2022-21158
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0, caused by improper handling of links with the javascript: scheme inside a document, may allow an attacker to execute an arbitrary script on the PC of the user running marktext.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2022-21158
- cpe:2.3:a:marktext:marktext:0.0.1
- cpe:2.3:a:marktext:marktext:0.10.21
- cpe:2.3:a:marktext:marktext:0.11.42
- cpe:2.3:a:marktext:marktext:0.12.20
- cpe:2.3:a:marktext:marktext:0.12.25
- cpe:2.3:a:marktext:marktext:0.13.50
- cpe:2.3:a:marktext:marktext:0.13.53
- cpe:2.3:a:marktext:marktext:0.13.65
- cpe:2.3:a:marktext:marktext:0.14.0
- cpe:2.3:a:marktext:marktext:0.15.0
- cpe:2.3:a:marktext:marktext:0.15.1
- cpe:2.3:a:marktext:marktext:0.16.0
- cpe:2.3:a:marktext:marktext:0.16.1
- cpe:2.3:a:marktext:marktext:0.16.2
- cpe:2.3:a:marktext:marktext:0.16.3
- cpe:2.3:a:marktext:marktext:0.2.0
- cpe:2.3:a:marktext:marktext:0.3.0
- cpe:2.3:a:marktext:marktext:0.4.0
- cpe:2.3:a:marktext:marktext:0.5.2
- cpe:2.3:a:marktext:marktext:0.6.10
- cpe:2.3:a:marktext:marktext:0.6.13
- cpe:2.3:a:marktext:marktext:0.6.14
- cpe:2.3:a:marktext:marktext:0.7.17
- cpe:2.3:a:marktext:marktext:0.8.12
- cpe:2.3:a:marktext:marktext:0.9.25