Michael Engelke

**Name of the Vulnerable Software and Affected Versions** PmWiki version 2.2.20 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `from` parameter to the "Main/WikiSandbox" page. **Recommendations** For PmWiki version 2.2.20, consider restricting access to the `from` parameter in the Main/WikiSandbox page until a patch is available. As a temporary workaround, avoid using the `from` parameter in the affected page to minimize the risk of exploitation.