Mephue

**Name of the Vulnerable Software and Affected Versions** Wikmd versions prior to 1.7.1 **Description** The issue allows an attacker to capture a user's session cookies or execute malicious Javascript when a victim edits a markdown file. **Recommendations** For versions prior to 1.7.1, update to version 1.7.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wikmd versions prior to 1.7.1 **Description** The issue affects Wikmd, a file-based wiki that uses markdown. It is vulnerable to path traversal when accessing "/list/<path:folderpath>" and discloses lists of files located on the server, including sensitive data. **Recommendations** For versions prior to 1.7.1, update to version 1.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the "/list/<path:folderpath>" endpoint until the update is applied.