Search criteria
2 vulnerabilities by markdown-pdf_project
CVE-2023-0835 (GCVE-0-2023-0835)
Vulnerability from cvelistv5 – Published: 2023-04-04 00:00 – Updated: 2025-12-03 20:12
VLAI
Title
markdown-pdf 11.0.0 - Local File Read via Server Side XSS
Summary
markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Server Side XSS
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | markdown-pdf |
Affected:
11.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/relsb/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.npmjs.com/package/markdown-pdf/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0835",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T15:57:09.365845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T15:58:16.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "markdown-pdf",
"product": "markdown-pdf",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003emarkdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.\u003c/p\u003e"
}
],
"value": "markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server Side XSS",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:12:39.525Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/relsb/"
},
{
"url": "https://www.npmjs.com/package/markdown-pdf/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "markdown-pdf 11.0.0 - Local File Read via Server Side XSS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-0835",
"datePublished": "2023-04-04T00:00:00.000Z",
"dateReserved": "2023-02-14T00:00:00.000Z",
"dateUpdated": "2025-12-03T20:12:39.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-3770 (GCVE-0-2018-3770)
Vulnerability from cvelistv5 – Published: 2018-07-20 22:00 – Updated: 2024-09-16 16:42
VLAI
Summary
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
Severity
No CVSS data available.
CWE
- CWE-22 - Path Traversal (CWE-22)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/360727 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | markdown-pdf |
Affected:
9.0.0
|
Date Public
2018-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/360727"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "markdown-pdf",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "9.0.0"
}
]
}
],
"datePublic": "2018-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A path traversal exists in markdown-pdf version \u003c9.0.0 that allows a user to insert a malicious html code that can result in reading the local files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T21:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/360727"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "markdown-pdf",
"version": {
"version_data": [
{
"version_value": "9.0.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal exists in markdown-pdf version \u003c9.0.0 that allows a user to insert a malicious html code that can result in reading the local files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/360727",
"refsource": "MISC",
"url": "https://hackerone.com/reports/360727"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2018-3770",
"datePublished": "2018-07-20T22:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:42:35.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}