CVE-2021-47836

MEDIUM

Markdown Explorer 0.1.1 - XSS

Title source: llm

Description

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access.

Exploits (1)

exploitdb WORKING POC

by Taurus Omar · javascriptwebappsmultiple

https://www.exploit-db.com/exploits/49826

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/jersou/markdown-explorer

[Various Sources] https://imgur.com/a/w4bcPWs

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49826

[Third Party Advisory] https://www.vulncheck.com/advisories/markdown-explorer-persistent-cross-site-scripting

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Timeline

Published Jan 16, 2026

Tracked Since Feb 18, 2026