CVE-2021-47840
HIGHMoeditor 0.2.0 - XSS
Title source: llmDescription
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
Exploits (1)
exploitdb
WORKING POC
by TaurusOmar · javascriptwebappsmultiple
https://www.exploit-db.com/exploits/49830
Scores
CVSS v3
7.2
EPSS
0.0004
EPSS Percentile
11.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026