Mark Text v0.16.3 exists to contain a DOM-based cross-site scripting (XSS) vulnerability which allows malicious users to perform remote code execution (RCE) via injecting a crafted payload into /lib/contentState/pasteCtrl.js.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
marktext marktext 0.16.3 |