top of page
perceptive_background_267k.jpg

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload…

Published:

15 januari 2026 om 23:00:00

Alert date:

16 januari 2026 om 20:08:27

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened. This vulnerability potentially enables remote code execution, making it a high-severity security issue. The vulnerability affects the markdown processing functionality of the Marky application. Multiple references and proof-of-concept exploits are available demonstrating the vulnerability.

Technical details

Mitigation steps:

Affected products:

Marky

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47839
https://github.com/vesparny/marky
https://imgur.com/a/qclfrUx
https://www.exploit-db.com/exploits/49831
https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page