CVE-2021-47836

MEDIUM

Markdown Explorer 0.1.1 - Stored Cross-Site Scripting via File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47836. PoCs published by Taurus Omar.

AI-analyzed exploit summary: This exploit leverages an XSS vulnerability in Markdown Explorer 0.1.1 to achieve RCE by embedding a malicious payload in a markdown file. The payload executes a reverse shell via netcat and spawns a calculator as a proof of concept.

Description

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads that execute in the application's privileged renderer context, allowing code execution on the host.

Exploits (1)

exploitdb WORKING POC
by Taurus Omar · javascript · webapps · multiple
https://www.exploit-db.com/exploits/49826


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Markdown Explorer 0.1.1
No auth needed
Prerequisites: Victim must open a malicious markdown file in the vulnerable software
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0002
EPSS Percentile: 5.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): jersou/Markdown Explorer 0.1.1
Published: Jan 16, 2026
Tracked Since: Feb 18, 2026