CVE-2021-47836

EUVD-2026-2896
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://github.com/jersou/markdown-explorer
https://imgur.com/a/w4bcPWs
https://www.exploit-db.com/exploits/49826
https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting
https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting