보안1 CVE-2022-25069: Mark text : Remote code execution through pasting content About Mark text (https://marktext.app/) is a markdown editor built with electron.js and vue.js v2.6.14. I've discovered containing a DOM-based cross-scripting (XSS) vulnerability that allows attackers to perform remote code execution via pasting a crafted payload from a clipboard. Details The above HTML is inserted into the Mark Text as a DOM through the source code below, and the remote code ex.. 2022. 3. 15. 1
