Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-11
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
CVSS Score
9.8
EPSS Score
0.043
Published
2021-01-26
Caret before 2019-02-22 allows Remote Code Execution.
CVSS Score
9.8
EPSS Score
0.087
Published
2019-03-22