exploitDog

GHSA-4r7r-xfq3-2r3v

Опубликовано: 26 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

Ссылки

EPSS

Процентиль: 17%

0.00053

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-424

Связанные уязвимости

CVE-2025-46654

CVSS3: 4.9

nvd

10 месяцев назад

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

EPSS

Процентиль: 17%

0.00053

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-424