{"id":"CVE-2023-2318","summary":"MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution","details":"DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and earlier on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of the MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText.","modified":"2026-05-15T11:54:26.924315447Z","published":"2023-08-19T05:43:56.387Z","database_specific":{"cna_assigner":"STAR_Labs","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/2xxx/CVE-2023-2318.json","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/2xxx/CVE-2023-2318.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2318"},{"type":"ADVISORY","url":"https://starlabs.sg/advisories/23/23-2318/"},{"type":"REPORT","url":"https://github.com/marktext/marktext/issues/3618"},{"type":"PACKAGE","url":"https://github.com/marktext/marktext"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}