Primary

Context

Markdown Explorer Cross-Site Scripting Vulnerability Allowing Remote Code Execution

Vulnerability

A cross-site scripting vulnerability has been identified in Markdown Explorer version 0.1.1. This issue allows attackers to inject malicious JavaScript payloads through file uploads and editor inputs. When the injected markdown files are opened, the embedded scripts are executed, potentially leading to unauthorized access and execution of commands on the victim's system.

Impact

Exploitation of this vulnerability allows for cross-site scripting, with the injected scripts executed in the context of the user.

Reproduction

To reproduce this vulnerability, upload a markdown file containing a JavaScript payload through the application's file upload feature. Alternatively, inject a script into the editor input. Once the file is opened or the editor input is viewed, the payload will execute, demonstrating the cross-site scripting vulnerability.

Added: Jan 16, 2026, 7:32 PM

Updated: Jan 16, 2026, 10:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.6

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.6

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Markdown Explorer Cross-Site Scripting Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating