Marky Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Marky version 0.0.1. This vulnerability allows attackers to inject malicious scripts into markdown files. When these crafted markdown files, containing embedded JavaScript payloads, are opened, the scripts execute, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, with the injected scripts executing automatically when the affected markdown files are opened. This behavior could be leveraged for remote code execution.

Reproduction

To reproduce this vulnerability, upload a markdown file containing a JavaScript payload into the Marky application. Once the file is opened, the embedded script will execute, demonstrating the cross-site scripting vulnerability. This exploitation could be further extended to achieve remote code execution.
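
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory or of Marky's code: a heuristic scan that flags script-capable constructs in a markdown file before it is opened. The rule names and the sample document are constructed for illustration, and the scan is a triage aid only, since the actual fix is for the renderer to sanitize or disable raw HTML.

```javascript
// Heuristic pre-open scan of a markdown document for constructs that can run
// script when a renderer passes them through unsanitized.
// Rule names and SAMPLE are constructed for this example (assumptions).
const RULES = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler-attr", re: /<[a-z][^>]*\son[a-z]+\s*=/i },
  { name: "script-url", re: /(?:javascript|vbscript)\s*:/i },
  { name: "active-embed", re: /<\s*(?:iframe|object|embed)\b/i },
];

// Returns [{ line, rule }] for every line that matches a rule.
// Fenced code blocks are skipped: renderers emit their contents as escaped text.
function scanMarkdown(text) {
  const findings = [];
  let fence = null; // character of the currently open fence: "`" or "~"
  text.split(/\r?\n/).forEach((raw, i) => {
    const m = raw.match(/^\s{0,3}(`{3,}|~{3,})/);
    if (m) {
      if (fence === null) fence = m[1][0];
      else if (m[1][0] === fence) fence = null;
      return;
    }
    if (fence !== null) return;
    // Drop inline code spans, which are also rendered as escaped text.
    const line = raw.replace(/`[^`]*`/g, "");
    for (const { name, re } of RULES) {
      if (re.test(line)) findings.push({ line: i + 1, rule: name });
    }
  });
  return findings;
}

// Constructed sample: lines 6-8 should be flagged, the fenced block should not.
const SAMPLE = [
  "# Notes",
  "Plain *markdown* text.",
  "```html",
  "<script>shown as code, not run</script>",
  "```",
  "<script>console.log('constructed')</script>",
  '<img src="x.png" onload="console.log(1)">',
  "[link](javascript:void(0))",
].join("\n");

console.log(scanMarkdown(SAMPLE));
```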

Added: Jan 16, 2026, 8:06 PM
Updated: Jan 16, 2026, 10:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.6
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.