Primary

Context

Moeditor Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Moeditor version 0.2.0. This vulnerability allows attackers to inject malicious JavaScript into markdown files, which is executed when the file is opened. This could potentially lead to remote code execution on the victim's system.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, with the injected payload executed when the markdown file is opened. According to the exploit author, this could lead to remote code execution on the victim's system.

Reproduction

To reproduce this vulnerability, upload a markdown file containing a JavaScript payload into Moeditor 0.2.0. Once the file is opened in the editor, the embedded script will execute, demonstrating the cross-site scripting vulnerability.

Added: Jan 16, 2026, 8:05 PM

Updated: Jan 16, 2026, 10:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.8

remediation

0.0

relevance

2.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moeditor Persistent Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating