CVE-2020-19952

Description

Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

Related CPE's

a jbt live_\(github-flavored\)_markdown_editor ********

References

https://github.com/jbt/markdown-editor/issues/106

ExploitIssue TrackingThird Party Advisory

https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35

Patch

https://github.com/jbt/markdown-editor/pull/110

Patch

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io