CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/vesparny/marky
https://imgur.com/a/qclfrUx
https://www.exploit-db.com/exploits/49831
https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting
https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Marky 0.0.1 contiene una vulnerabilidad persistente de cross-site scripting que permite a los atacantes inyectar scripts maliciosos en archivos markdown. Los atacantes pueden subir archivos markdown manipulados con cargas útiles de JavaScript incrustadas que se ejecutan cuando se abre el archivo, lo que podría permitir la ejecución remota de código.

16 Jan 2026, 22:16

Type	Values Removed	Values Added
References	~~() https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting -~~	() https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting -

16 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-16 19:16

Updated : 2026-04-15 00:35

NVD link : CVE-2021-47839

Mitre link : CVE-2021-47839

CVE.ORG link : CVE-2021-47839

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-47839", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-16T19:16:09.537", "references": [{"url": "https://github.com/vesparny/marky", "source": "disclosure@vulncheck.com"}, {"url": "https://imgur.com/a/qclfrUx", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49831", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/marky-persistent-cross-site-scripting", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution."}, {"lang": "es", "value": "Marky 0.0.1 contiene una vulnerabilidad persistente de cross-site scripting que permite a los atacantes inyectar scripts maliciosos en archivos markdown. Los atacantes pueden subir archivos markdown manipulados con cargas \u00fatiles de JavaScript incrustadas que se ejecutan cuando se abre el archivo, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}