CVE-2023-1004 Vulnerability Details

  /     /     /  

CVE-2023-1004 Metadata Quick Info

CVE Published: 24/02/2023 | CVE Updated: 22/11/2024 | CVE Year: 2023
Source: VulDB | Vendor: n/a | Product: MarkText
Status : PUBLISHED

---

CVE-2023-1004 Description

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-94
CWE Name: CWE-94 Code Injection
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).