exploitDog

CVE-2025-46654

Published: 26 Apr 2025
Source: nvd
CVSS3: 4.9
EPSS: Low

Description

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

Vulnerable configurations

Configuration 1
cpe:2.3:a:hackmd:codimd:*:*:*:*:*:*:*:*
Versions up to and including 2.2.0

EPSS

Percentile: 17%
0.00053
Low

4.9 Medium

CVSS3

Weaknesses

CWE-424

Related vulnerabilities

CVSS3: 4.9
github
10 months ago

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.
