CVE-2023-1004 MEDIUM

CVE-2023-1004: MarkText WSH JScript code injection

Vendor N/A
Product MarkText
Weakness CWE-94 · Code injection
Published February 24, 2023
Last update November 22, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.

Key dates

02Disclosure timeline

February 24, 2023 CVE published
November 22, 2024 Record updated