CVE-2021-47839 MEDIUM

CVE-2021-47839: Marky 0.0.1 - Persistent Cross-Site Scripting

Vendor Vesparny

Product Marky

Weakness CWE-79 · XSS

Published January 16, 2026

Last update June 30, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

Key dates

02Disclosure timeline

January 16, 2026 CVE published

June 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47839 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-6747 Avada (Fusion) Builder <= 3.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2021-36911 WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability CVE-2025-23885 WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-0087 Swifty Page Manager <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-0157 Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite