{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47836", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-14T17:11:19.901Z", "datePublished": "2026-01-16T19:09:36.197Z", "dateUpdated": "2026-05-25T23:41:15.697Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-25T23:41:15.697Z" }, "datePublic": "2021-04-05T00:00:00.000Z", "title": "Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting", "descriptions": [ { "lang": "en", "value": "Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host." } ], "affected": [ { "vendor": "jersou", "product": "Markdown Explorer", "versions": [ { "version": "0.1.1", "status": "affected" } ] } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/49826", "name": "ExploitDB-49826", "tags": [ "exploit" ] }, { "url": "https://github.com/jersou/markdown-explorer", "name": "Markdown Explorer GitHub Repository", "tags": [ "product" ] }, { "url": "https://imgur.com/a/w4bcPWs", "name": "Proof of Concept Video", "tags": [ "exploit" ] }, { "name": "VulnCheck Advisory: Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting" } ], "credits": [ { "lang": "en", "value": "TaurusOmar", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "references": [ { "url": "https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-16T21:00:44.698156Z", "id": "CVE-2021-47836", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T21:10:01.232Z" } } ] } }