{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47839", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-14T17:11:19.901Z", "datePublished": "2026-01-16T19:09:37.915Z", "dateUpdated": "2026-06-30T03:21:16.530Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-05T01:28:50.503Z" }, "datePublic": "2021-04-05T00:00:00.000Z", "title": "Marky 0.0.1 - Persistent Cross-Site Scripting", "descriptions": [ { "lang": "en", "value": "Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE" } ] } ], "affected": [ { "vendor": "vesparny", "product": "Marky", "versions": [ { "version": "0.0.1", "status": "affected" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:marky_project:marky:0.0.1:*:*:*:*:*:*:*" } ] } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.exploit-db.com/exploits/49831", "name": "ExploitDB-49831", "tags": [ "exploit" ] }, { "url": "https://github.com/vesparny/marky", "name": "Marky GitHub Repository", "tags": [ "product" ] }, { "url": "https://imgur.com/a/qclfrUx", "name": "Proof of Concept Video", "tags": [ "exploit" ] }, { "name": "VulnCheck Advisory: Marky 0.0.1 - Persistent Cross-Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting" } ], "credits": [ { "lang": "en", "value": "TaurusOmar", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "references": [ { "url": "https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting", "tags": [ "exploit" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-01-16T21:00:17.180982Z", "id": "CVE-2021-47839", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T21:09:40.977Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:logging:5" ], "defaultStatus": "unaffected", "product": "Logging Subsystem for Red Hat OpenShift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" } ], "datePublic": "2026-01-16T19:09:37.915Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in Marky. This persistent cross-site scripting (XSS) vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute, potentially leading to remote code execution." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2021-47839" }, { "name": "RHBZ#2430451", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430451" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-47839.json" } ], "timeline": [ { "lang": "en", "time": "2026-01-16T20:01:50.311Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-01-16T19:09:37.915Z", "value": "Made public." } ], "title": "marky: Marky: Remote Code Execution via persistent cross-site scripting", "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T03:21:16.530Z" } } ] } }