CVE-2021-47839

Sažetak

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

Reference

https://github.com/vesparny/marky
https://imgur.com/a/qclfrUx
https://www.exploit-db.com/exploits/49831
https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting
https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting

CVSS

Base:	7.2
Impact:	2.7
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

26-01-2026 - 15:05

Objavljeno

16-01-2026 - 19:16