2 matches found
CVE-2022-36081
Wikmd (a Markdown-based wiki) is affected by CVE-2022-36081 due to a path traversal flaw when accessing /list/path:folderpath , exposing server file lists including sensitive data. The issue affects versions prior to 1.7.1; version 1.7.1 includes the fix. Remediation: upgrade Wikmd to 1.7.1 or la...
CVE-2022-36080
Affected software : Wikmd (file-based wiki using Markdown). Vulnerability : Cross-site scripting in versions prior to 1.7.1, enabling an attacker to capture a user’s session cookies or run malicious JavaScript when a victim edits a Markdown file. Root cause/vector : XSS that occurs during the edi...