CVE-2020-27176

Source
https://cve.org/CVERecord?id=CVE-2020-27176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27176
Published
2020-10-16T05:15:11.910Z
Modified
2026-04-10T04:25:59.689011Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.

References

Affected packages

Git / github.com/marktext/marktext

Affected ranges

Type
GIT
Repo
https://github.com/marktext/marktext
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.16.2"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.10.21
v0.11.42
v0.12.20
v0.12.25
v0.13.50
v0.13.53
v0.13.65
v0.14.0
v0.14.0-rc.1
v0.15.0
v0.15.0-rc.1
v0.15.0-rc.2
v0.15.0-rc.3
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.0-rc.3
v0.16.2
v0.3.0
v0.4.0
v0.5.2
v0.6.13
v0.7.17
v0.8.12
v0.9.25

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27176.json"