exploitDog

CVE-2022-36080

Опубликовано: 07 сент. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue.

Ссылки

https://github.com/Linbreux/wikmd/commit/259412c47d64d5b85980f95345179fbf05927798
Patch
Third Party Advisory
https://github.com/Linbreux/wikmd/security/advisories/GHSA-9m4m-6gqx-gfj3
Third Party Advisory
https://github.com/Linbreux/wikmd/commit/259412c47d64d5b85980f95345179fbf05927798
Patch
Third Party Advisory
https://github.com/Linbreux/wikmd/security/advisories/GHSA-9m4m-6gqx-gfj3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wikmd_project:wikmd:*:*:*:*:*:*:*:*

Версия до 1.7.1 (исключая)

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 46%

0.00234

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Уязвимость CVE-2022-36080