cvedb.io
CVE-2017-11593
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2017-07-24T01:29:00.710 · Last modified 2026-06-17T01:02:04.210

Summary

Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization.

Affected products

ooso — markdown_preview_plus

Does this affect you?

Add your gear to cvedb and we'll alert you only when ooso ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.