Lucene search

GoogleOSV:GHSA-F7RP-XX67-4PJ9

HistoryApr 04, 2023 - 3:30 p.m.

Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)

2023-04-0415:30:28

Google

osv.dev

phachon

mm-wiki

vulnerability

stored

cross-site scripting

remote attacker

arbitrary code

javascript

markdown editor

malicious code

software

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.7%

JSON

Phachon mm-wiki v.0.1.2 vulnerable to stored cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. Any user browsing the document containing XSS malicious code will trigger the vulnerability.

CPENameOperatorVersion
github.com/phachon/mm-wikile0.1.2

CPE	Name	Operator	Version
	github.com/phachon/mm-wiki	le	0.1.2

References

github.com/phachon/mm-wiki

github.com/phachon/mm-wiki/issues/68

nvd.nist.gov/vuln/detail/CVE-2020-19277