CVE-2021-47840

HIGH

Moeditor 0.2.0 - XSS

Title source: llm

Description

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.

Exploits (1)

exploitdb WORKING POC

by TaurusOmar · javascriptwebappsmultiple

https://www.exploit-db.com/exploits/49830

View Code ZIP pw:eip

References (4)

[Various Sources] https://imgur.com/a/UdP4JaX

[Various Sources] https://moeditor.js.org/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49830

[Third Party Advisory] https://www.vulncheck.com/advisories/moeditor-persistent-cross-site-scripting

Scores

CVSS v3 7.2

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Timeline

Published Jan 16, 2026

Tracked Since Feb 18, 2026