Bug 2430451 (CVE-2021-47839)
| Summary: | CVE-2021-47839 marky: Marky: Remote Code Execution via persistent cross-site scripting | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | anthomas, ehelms, ggainey, jcantril, juwatts, mhulan, nmoumoul, osousa, pcreech, rchan, rojacob, smallamp, tmalecek |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Marky. This persistent cross-site scripting (XSS) vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute, potentially leading to remote code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-01-16 20:02:15 UTC
|