CVE-2021-47838

HIGH

Markright 1.0 - XSS

Title source: llm

Description

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.

Exploits (1)

exploitdb WORKING POC

by TaurusOmar · javascriptwebappsmultiple

https://www.exploit-db.com/exploits/49834

View Code ZIP pw:eip

References (4)

[Various Sources] https://github.com/dvcrn/markright

[Various Sources] https://imgur.com/a/VOsgKbZ

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49834

[Third Party Advisory] https://www.vulncheck.com/advisories/markright-persistent-cross-site-scripting

Scores

CVSS v3 7.2

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Published Jan 16, 2026

Tracked Since Feb 18, 2026