Marked 2 up to and including 2.5.11 allows remote malicious users to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
marked 2 project marked 2 |