CVE-2021-47840
Published: 16 January 2026
Summary
CVE-2021-47840 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Imgur (inferred from references). Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). It is ranked at the 13.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2021-47840 is a persistent cross-site scripting vulnerability (CWE-79) in Moeditor version 0.2.0. The flaw resides in the software's handling of markdown files, enabling attackers to embed malicious JavaScript payloads within these files. When a victim opens an affected markdown file, the JavaScript executes, with potential for remote code execution on the victim's system. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), reflecting high severity due to network accessibility, low attack complexity, no required privileges, no user interaction, and changed scope.
Any unauthenticated attacker (PR:N) can exploit this vulnerability by uploading or distributing specially crafted markdown files containing the malicious payloads. Victims who open these files in Moeditor 0.2.0 trigger the execution of the embedded JavaScript, allowing limited confidentiality and integrity impacts (C:L/I:L) across security scopes, such as data theft or manipulation, with potential escalation to remote code execution depending on the payload and system context.
Advisories and resources, including those from VulnCheck at vulncheck.com/advisories/moeditor-persistent-cross-site-scripting, provide further details on the vulnerability. An exploit is publicly available at exploit-db.com/exploits/49830, alongside the official Moeditor site at moeditor.js.org and an Imgur gallery at imgur.com/a/UdP4JaX likely demonstrating the proof-of-concept. Specific patch or mitigation guidance is referenced in these advisories.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2868
Vulnerability details
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
- CWE(s): CWE-79 (Cross-site Scripting)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS in markdown rendering directly enables JavaScript execution (T1059.007) via a malicious file opened by the victim (T1204.002), with RCE potential.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Requires validation of markdown file content to reject or sanitize embedded JavaScript before rendering, directly blocking the persistent XSS payload.
- SC-18 (Mobile Code): Restricts execution of untrusted mobile code (JavaScript) contained in markdown files, preventing automatic execution when files are opened.
- Deploys mechanisms to detect and block malicious code delivered via crafted markdown files before or during processing.