CVE-2020-19952

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-19952
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 Patch
https://github.com/jbt/markdown-editor/issues/106 Exploit Issue Tracking Third Party Advisory
https://github.com/jbt/markdown-editor/pull/110 Patch
https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 Patch
https://github.com/jbt/markdown-editor/issues/106 Exploit Issue Tracking Third Party Advisory
https://github.com/jbt/markdown-editor/pull/110 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:jbt:live_\(github-flavored\)_markdown_editor:*:*:*:*:*:*:*:*
History

21 Nov 2024, 05:09

Type Values Removed Values Added
References () https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 - Patch () https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 - Patch
References () https://github.com/jbt/markdown-editor/issues/106 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/jbt/markdown-editor/issues/106 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/jbt/markdown-editor/pull/110 - Patch () https://github.com/jbt/markdown-editor/pull/110 - Patch

18 Aug 2023, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:jbt:live_\(github-flavored\)_markdown_editor:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE CWE-79
References (MISC) https://github.com/jbt/markdown-editor/pull/110 - (MISC) https://github.com/jbt/markdown-editor/pull/110 - Patch
References (CONFIRM) https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 - (CONFIRM) https://github.com/jbt/markdown-editor/commit/228f1947a5242a6fbe2995d72d21b7e5f5178f35 - Patch
References (MISC) https://github.com/jbt/markdown-editor/issues/106 - (MISC) https://github.com/jbt/markdown-editor/issues/106 - Exploit, Issue Tracking, Third Party Advisory

11 Aug 2023, 15:18

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-11 14:15

Updated : 2024-11-21 05:09

NVD link : CVE-2020-19952

Mitre link : CVE-2020-19952

CVE.ORG link : CVE-2020-19952

JSON object : View

Products Affected

jbt

  • live_\(github-flavored\)_markdown_editor
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')