Cyber Resilience

CVE-2021-47838

MediumPublic PoC

Published: 16 January 2026

Published
16 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 13.1th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47838 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Imgur (inferred from references). Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

Markright 1.0, a markdown processing library, contains a persistent cross-site scripting vulnerability identified as CVE-2021-47838 (CWE-79). This flaw enables attackers to embed malicious payloads within markdown files, with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). The issue was published on 2026-01-16.

Attackers can exploit this vulnerability by uploading specially crafted markdown files to systems or services using Markright 1.0. When victims open these files, the embedded payloads execute arbitrary JavaScript in the context of the application, potentially leading to remote code execution on the victim's system. The CVSS vector indicates exploitation is possible over the network with low complexity, no privileges or user interaction required, and changed scope for cross-context impact.

Advisories and additional details, including potential mitigations and patches, are available from sources such as the Markright GitHub repository (https://github.com/dvcrn/markright) and Vulncheck advisories (https://www.vulncheck.com/advisories/markright-persistent-cross-site-scripting). A proof-of-concept exploit is publicly documented on Exploit-DB (https://www.exploit-db.com/exploits/49834).

EU & UK References

Vulnerability details

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Persistent XSS in markdown parser directly enables arbitrary JavaScript execution (T1059.007) via user-opened malicious files (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47837Shared CWE-79
CVE-2025-1015Shared CWE-79
CVE-2021-47840Shared CWE-79
CVE-2026-33932Shared CWE-79
CVE-2025-69368Shared CWE-79
CVE-2025-0829Shared CWE-79
CVE-2026-3880Shared CWE-79
CVE-2026-34557Shared CWE-79
CVE-2025-22326Shared CWE-79
CVE-2026-33299Shared CWE-79

Affected Assets

Imgur
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation and sanitization of all markdown input to reject or neutralize embedded script payloads before they are stored or rendered.

prevent

Filters or sanitizes rendered markdown output so that malicious JavaScript is stripped before it reaches the victim's browser context.

preventdetect

Deploys malicious-code detection mechanisms that can recognize and block execution of unauthorized scripts introduced via uploaded markdown files.

References