Pmwiki · Pmwiki · CVE-2010-4748
**Name of the Vulnerable Software and Affected Versions**
PmWiki version 2.2.20
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `from` parameter to the "Main/WikiSandbox" page.
**Recommendations**
For PmWiki version 2.2.20, consider restricting access to the `from` parameter in the Main/WikiSandbox page until a patch is available. As a temporary workaround, avoid using the `from` parameter in the affected page to minimize the risk of exploitation.