CVE-2021-47836
6.1 MEDIUMMarkdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads...
Published: 2026-01-16 · Last updated: 2026-04-15
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE
- CWE-79
Description
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-47836
- [Other]https://github.com/jersou/markdown-explorer
- [Other]https://imgur.com/a/w4bcPWs
- [Other]https://www.exploit-db.com/exploits/49826
- [Other]https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting
- [Other]https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting
Related CVEs
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)