CVE-2021-47838 MEDIUM

CVE-2021-47838: Markright 1.0 - Persistent Cross-Site Scripting

Vendor Dvcrn

Product Markright

Weakness CWE-79 · XSS

Published January 16, 2026

Last update January 16, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.

Key dates

02Disclosure timeline

January 16, 2026 CVE published

January 16, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47838 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-23861 CVE-2023-20068 Cisco Prime Infrastructure Reflected Cross-Site Scripting Vulnerability CVE-2024-51612 WordPress Reftagger Shortcode plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-30626 WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder <= 2.1 - Cross Site Scripting (XSS) Vulnerability CVE-2024-51664 WordPress Beds24 Online Booking plugin <= 2.0.25 - Cross Site Scripting (XSS) vulnerability