PT-2023-11517 · Phachon · Phachon Mm-Wiki

0X2E

Publicado

2023-04-04

Atualizado

2023-04-10

CVE-2020-19277

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Phachon mm-wiki version 0.1.2

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. This could allow a remote attacker to execute arbitrary code, and any user browsing the document containing malicious code will trigger the issue.

Recommendations For Phachon mm-wiki version 0.1.2, consider disabling the markdown editor until a patch is available to prevent exploitation. Restrict access to documents that may contain malicious JavaScript code to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2020-19277

GHSA-F7RP-XX67-4PJ9

Produtos afetados

Phachon Mm-Wiki

PT-2023-11517 · Phachon · Phachon Mm-Wiki

CVE-2020-19277

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5