Home > Vulnerability Database > CVE-2021-47837

Mend.io Vulnerability Database

CVE-2021-47837

Good to know:

Date: January 16, 2026

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.

Severity Score

7.2

Related Resources (6)

Url: https://github.com/amitmerchant1990/electron-markdownify

Url: https://imgur.com/a/T4jBoiS

Url: https://www.exploit-db.com/exploits/49835

Url: https://www.vulncheck.com/advisories/markdownify-persistent-cross-site-scripting

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-47837

Url: https://www.mend.io/vulnerability-database/CVE-2021-47837

Severity Score

7.2

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-47837

Good to know:

Date: January 16, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?