Cyber Resilience

CVE-2021-47840

MediumPublic PoC

Published: 16 January 2026

Published
16 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 13.1th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47840 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Imgur (inferred from references). Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2021-47840 is a persistent cross-site scripting vulnerability (CWE-79) in Moeditor version 0.2.0. The flaw resides in the software's handling of markdown files, enabling attackers to embed malicious JavaScript payloads within these files. When a victim opens an affected markdown file, the JavaScript executes, with potential for remote code execution on the victim's system. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), reflecting high severity due to network accessibility, low attack complexity, no required privileges, no user interaction, and changed scope.

Any unauthenticated attacker (PR:N) can exploit this vulnerability by uploading or distributing specially crafted markdown files containing the malicious payloads. Victims who open these files in Moeditor 0.2.0 trigger the execution of the embedded JavaScript, allowing limited confidentiality and integrity impacts (C:L/I:L) across security scopes, such as data theft or manipulation, with potential escalation to remote code execution depending on the payload and system context.

Advisories and resources, including those from VulnCheck at vulncheck.com/advisories/moeditor-persistent-cross-site-scripting, provide further details on the vulnerability. An exploit is publicly available at exploit-db.com/exploits/49830, alongside the official Moeditor site at moeditor.js.org and an Imgur gallery at imgur.com/a/UdP4JaX likely demonstrating the proof-of-concept. Specific patch or mitigation guidance is referenced in these advisories.

EU & UK References

Vulnerability details

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's…

more

system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

XSS in markdown rendering directly enables JavaScript execution (T1059.007) via malicious file opened by victim (T1204.002), with RCE potential.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47838Shared CWE-79
CVE-2021-47837Shared CWE-79
CVE-2025-1015Shared CWE-79
CVE-2026-33932Shared CWE-79
CVE-2025-69368Shared CWE-79
CVE-2025-0829Shared CWE-79
CVE-2026-3880Shared CWE-79
CVE-2026-34557Shared CWE-79
CVE-2025-22326Shared CWE-79
CVE-2026-33299Shared CWE-79

Affected Assets

Imgur
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of markdown file content to reject or sanitize embedded JavaScript before rendering, directly blocking the persistent XSS payload.

prevent

Restricts execution of untrusted mobile code (JavaScript) contained in markdown files, preventing automatic execution when files are opened.

preventdetect

Deploys mechanisms to detect and block malicious code delivered via crafted markdown files before or during processing.

References