top of page
perceptive_background_267k.jpg

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers ca…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 20:08:27

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

CVE-2021-47837 affects Markdownify 1.2.0, a markdown file editor application. The vulnerability is a persistent cross-site scripting (XSS) flaw that allows attackers to embed malicious scripts within markdown files. When these crafted files are opened by users, the embedded scripts execute automatically. This can potentially lead to remote code execution on the victim's system. The vulnerability has been assigned a high criticality rating and exploit code is publicly available.

Technical details

Mitigation steps:

Affected products:

Markdownify

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47837
https://github.com/amitmerchant1990/electron-markdownify
https://imgur.com/a/T4jBoiS
https://www.exploit-db.com/exploits/49835
https://www.vulncheck.com/advisories/markdownify-persistent-cross-site-scripting

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page