Miggo Logo
Miggo Vulnerability Database
CVE-2023-0835

CVE-2023-0835: markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-0835
GHSA ID
GHSA-qghr-877h-f9jh
EPSS Score
0.29697%
CWE
CWE-79
Published
4/5/2023
Updated
2/13/2025
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
markdown-pdfnpm<= 11.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper input validation when processing user-supplied Markdown. The exploit demonstrates that raw HTML/script tags in Markdown are rendered as executable code during PDF generation. This indicates the Markdown parser (Remarkable) was configured to allow HTML parsing (html: true), enabling XSS. The server-side PhantomJS environment then executes these scripts, allowing local file read. While exact code isn't visible, the advisory and exploit mechanics point directly to the Markdown-to-HTML conversion function with insecure Remarkable configuration as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

m*rk*own-p** v*rsion **.*.* *llows *n *xt*rn*l *tt**k*r to r*mot*ly o*t*in *r*itr*ry lo**l *il*s. T*is is possi*l* ****us* t** *ppli**tion *o*s not v*li**t* t** M*rk*own *ont*nt *nt*r** *y t** us*r.

Reasoning

T** vuln*r**ility st*ms *rom improp*r input v*li**tion w**n pro**ssin* us*r-suppli** M*rk*own. T** *xploit **monstr*t*s t**t r*w *TML/s*ript t**s in M*rk*own *r* r*n**r** *s *x**ut**l* *o** *urin* P** **n*r*tion. T*is in*i**t*s t** M*rk*own p*rs*r (R