Описание
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\, which is mishandled by a KaTeX parser.
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\, which is mishandled by a KaTeX parser.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-53930
- https://github.com/Zavy86/WikiDocs/issues/211
- https://github.com/Zavy86/WikiDocs/pull/213
- https://github.com/Zavy86/WikiDocs/commit/aa264bd046a254522da67600be73791bd4e5dafc
- https://github.com/Zavy86/WikiDocs/compare/1.0.64...1.0.65
- https://github.com/Zavy86/WikiDocs/releases/tag/1.0.65
- https://www.xbow.com
Связанные уязвимости
CVSS3: 5.4
nvd
около 1 года назад
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser.