{"api_version":"1","generated_at":"2026-04-21T08:56:17+00:00","cve":"CVE-2020-27176","urls":{"html":"https://cve.report/CVE-2020-27176","api":"https://cve.report/api/cve/CVE-2020-27176.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27176","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27176"},"summary":{"title":"CVE-2020-27176","description":"Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the \"source code mode\" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-10-16 05:15:00","updated_at":"2020-10-26 17:10:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://github.com/marktext/marktext/issues/2360","name":"https://github.com/marktext/marktext/issues/2360","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Security issue: Mutation XSS to RCE in MarkText · Issue #2360 · marktext/marktext · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27176","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27176","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27176","vulnerable":"1","versionEndIncluding":"0.16.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"marktext","cpe5":"marktext","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-27176","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the \"source code mode\" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/marktext/marktext/issues/2360","refsource":"MISC","name":"https://github.com/marktext/marktext/issues/2360"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R","version":"3.1"}}},"nvd":{"publishedDate":"2020-10-16 05:15:00","lastModifiedDate":"2020-10-26 17:10:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.6,"baseSeverity":"CRITICAL"},"exploitabilityScore":2.8,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*","versionEndIncluding":"0.16.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27176","Ordinal":"188610","Title":"CVE-2020-27176","CVE":"CVE-2020-27176","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27176","Ordinal":"1","NoteData":"Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the \"source code mode\" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27176","Ordinal":"2","NoteData":"2020-10-16","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27176","Ordinal":"3","NoteData":"2020-10-16","Type":"Other","Title":"Modified"}]}}}