3 matches found
CVE-2025-46655
creationtimestamp| type| source ---|---|--- 2025-04-26 21:09:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13585 2025-04-26 21:37:08+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnqow3d5lqo2 2025-04-26...
CVE-2025-46655
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...
CVE-2025-46655
CVE-2025-46655 affects CodiMD up to version 2.5.4. The issue is a bypass of the CSP-based XSS protection for SVG uploads when using cross-origin file storage (e.g., AWS S3) in configurations where the architecture cannot insert Content-Security-Policy headers. This can allow XSS in certain storag...