CVE-2020-19952

MEDIUM

jbt live_github-flavored_markdown_editor < 2019-10-27 - Cross-Site Scripting in Rendering Engine

Title source: llm
STIX 2.1

Description

Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

Scores

CVSS v3 6.1
EPSS 0.0053
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
jbt/live_\(github-flavored\)_markdown_editor < 2019-10-27
Published Aug 11, 2023
Tracked Since Feb 18, 2026