CVE-2020-19952

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-19952
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-19952.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-19952
Published
2023-08-11T14:15:09.927Z
Modified
2026-05-12T11:50:40.953501822Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:jbt:live_\\(github-flavored\\)_markdown_editor:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "2019-10-27"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/jbt/markdown-editor

Affected ranges

Type
GIT
Repo
https://github.com/jbt/markdown-editor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
228f1947a5242a6fbe2995d72d21b7e5f5178f35
Database specific 
{
    "source": "REFERENCES"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-19952.json"