CVE-2023-2318

Summary

CVE-2023-2318 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting MarkText version 0.17.1 and prior on Windows, Linux, and macOS. Malicious JavaScript code can be executed in the MarkText main window if a user pastes text from a compromised webpage into the editor. This issue resides in src/muya/lib/contentState/pasteCtrl.js. Successful exploitation could lead to unintended actions, such as session hijacking or data theft, putting users at risk. Updating to the latest version of MarkText is recommended to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.