CVE-2020-27176

EUVD-2020-19700
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
mitreCNA
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
marktextmarktext
𝑥
≤ 0.16.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/marktext/marktext/issues/2360
https://github.com/marktext/marktext/issues/2360