Lucene search

GitHub Advisory DatabaseGHSA-F7RP-XX67-4PJ9

HistoryApr 04, 2023 - 3:30 p.m.

Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)

2023-04-0415:30:28

CWE-79

GitHub Advisory Database

github.com

phachon

mm-wiki

xss

vulnerability

javascript

remote attacker

arbitrary code

stored cross-site scripting

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.7%

JSON

Phachon mm-wiki v.0.1.2 vulnerable to stored cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. Any user browsing the document containing XSS malicious code will trigger the vulnerability.

Affected configurations

Vulners

Node

github.com\/phachon\/mmwikiRange≤0.1.2

CPENameOperatorVersion
github.com/phachon/mm-wikile0.1.2

CPE	Name	Operator	Version
	github.com/phachon/mm-wiki	le	0.1.2

References

github.com/advisories/GHSA-f7rp-xx67-4pj9

github.com/phachon/mm-wiki/issues/68

nvd.nist.gov/vuln/detail/CVE-2020-19277