Vulnerability Description
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of the MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText.
CVSS Score
8.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marktext | Marktext | <= 0.17.1 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/marktext/marktext/issues/3618 (Exploit, Issue Tracking)
- https://starlabs.sg/advisories/23/23-2318/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-2318?
CVE-2023-2318 is a vulnerability with a CVSS score of 8.6 (HIGH). DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of the MarkText main window. This v...
How severe is CVE-2023-2318?
CVE-2023-2318 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-2318?
Check the references section above for vendor advisories and patch information. Affected products include: Marktext Marktext, Apple Macos, Linux Linux Kernel, Microsoft Windows.