Vulnerability Description
Cross Site Scripting (XSS) vulnerability in the Rendering Engine in jbt Markdown Editor through commit 2252418c27dffbb35147acd8ed324822b8919477 allows remote attackers to execute arbitrary code via a crafted payload or the opening of a malicious .md file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jbt | Live (Github-Flavored) Markdown Editor | < 2019-10-27 |
Related Weaknesses (CWE)
References
- https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5 (Patch)
- https://github.com/jbt/markdown-editor/issues/106 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/jbt/markdown-editor/pull/110 (Patch)
FAQ
What is CVE-2020-19952?
CVE-2020-19952 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross Site Scripting (XSS) vulnerability in the Rendering Engine in jbt Markdown Editor through commit 2252418c27dffbb35147acd8ed324822b8919477 allows remote attackers to execute arbitrary code via crafted p...
How severe is CVE-2020-19952?
CVE-2020-19952 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-19952?
Check the references section above for vendor advisories and patch information. Affected products include: Jbt Live (Github-Flavored) Markdown Editor.