CVE-2017-11593
MEDIUMMarkdown Preview Plus <0.5.7 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization.
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
ooso/markdown_preview_plus
< 0.4.5
n/a/n/a
Published
Jul 24, 2017
Tracked Since
Feb 18, 2026