Codimd · Codimd · CVE-2025-46655
**Name of the Vulnerable Software and Affected Versions**
CodiMD versions 2.5.4 and earlier
**Description**
CodiMD sends a Content-Security-Policy (CSP) header with the pages it serves to limit the impact of Cross-Site Scripting (XSS). That protection can be bypassed with an uploaded SVG document containing JavaScript when uploads are stored on, and served from, a different origin such as AWS S3, and the chosen deployment has no component in front of that origin (reverse proxy, CDN, or application layer) that can add a Content-Security-Policy header to the served file. An SVG embedded in a note with `<img>` does not execute script, but a victim who opens the file's storage URL directly loads it as a document on that origin, where the embedded script runs without CodiMD's CSP in effect. The CVE entry notes that using AWS to host untrusted JavaScript content is considered a user error.
**Recommendations**
For CodiMD versions 2.5.4 and earlier, add a control for uploads that does not depend on CodiMD's own CSP header: validate and sanitize user-uploaded content, especially SVG documents, rejecting files that contain `<script>` elements, event-handler attributes (`onload`, `onclick`, ...), `javascript:` URLs, or `<foreignObject>`. As a temporary workaround, disable SVG uploads, or make sure every storage origin, including AWS S3, sits behind a component that sets a Content-Security-Policy header on served files (S3 alone cannot attach that header to an object, so a CDN or reverse proxy is needed). Storing SVG objects with `Content-Disposition: attachment` also stops script execution on direct navigation while leaving `<img>` embeds in notes working. At the time of writing, no release containing a fix for this vulnerability is known.
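The two mitigations recommended above, SVG sanitization and storing the object with headers that prevent execution on direct navigation, as an added example in Node.js that is not CodiMD project code. It scans an upload for script-capable SVG constructs after decoding XML entities, rejects the file if any are found, and otherwise returns the response headers to persist with the object on a different-origin store. The check names, the `uploadPolicy` return shape, and the helper functions are illustrative assumptions; the sample uploads at the bottom are constructed for the example.

```javascript
// Added example for this advisory (not CodiMD project code): a conservative
// reject-list scan for script-capable SVG constructs, plus an upload policy that
// models the mitigation for CVE-2025-46655. Names and return shapes are assumptions.

const ACTIVE_CONTENT_CHECKS = [
  { name: 'script element', re: /<\s*script\b/i },
  // Any attribute starting with "on" is an event handler in SVG (onload, onclick, ...).
  { name: 'event handler attribute', re: /\bon[a-z]+\s*=/i },
  // Catches href, xlink:href, src and data attributes pointing at javascript: URLs.
  { name: 'javascript: URL', re: /(?:href|src|data)\s*=\s*["']?\s*javascript\s*:/i },
  // <foreignObject> lets an SVG embed arbitrary HTML, including <iframe> and <script>.
  { name: 'foreignObject element', re: /<\s*foreignObject\b/i },
  // External or data: references pull in content this scan never sees.
  { name: 'external use/image reference', re: /<\s*(?:use|image)\b[^>]*\bhref\s*=\s*["']?\s*(?:https?:|data:)/i },
  // SMIL can rewrite href at runtime, e.g. to a javascript: URL.
  { name: 'animate/set targeting href', re: /<\s*(?:set|animate)\b[^>]*attributeName\s*=\s*["']?(?:xlink:)?href/i },
  { name: 'xml-stylesheet processing instruction', re: /<\?xml-stylesheet/i },
  // DTD entities: expansion attacks and a way to smuggle encoded payloads.
  { name: 'DTD entity declaration', re: /<!ENTITY\b/i },
];

// Decode numeric and the basic named XML entities so that an encoded payload such as
// href="&#x6A;avascript:..." is scanned in its decoded form. Over-decoding is fine:
// the scan may over-reject, never under-reject.
function decodeEntities(text) {
  const named = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');
  return text
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&(lt|gt|amp|quot|apos);/gi, (_, n) => named[n.toLowerCase()])
    // Strip control characters that some parsers tolerate inside "java\u0000script:".
    .replace(/[\u0000-\u0008\u000b\u000c\u000e-\u001f]/g, '');
}

// Returns the names of every check that fires; an empty array means nothing was found.
// This is a reject-list, so a clean result means "nothing known found", not "safe".
function scanSvg(svgText) {
  const normalized = decodeEntities(svgText);
  return ACTIVE_CONTENT_CHECKS.filter((c) => c.re.test(normalized)).map((c) => c.name);
}

// Decide whether an upload may go to a different-origin object store and which
// response headers to persist with it. On S3 the two headers correspond to the
// ContentType and ContentDisposition parameters of PutObject; Content-Security-Policy
// cannot be stored on the object itself, which is the gap behind this CVE.
function uploadPolicy(filename, contentType, body) {
  const ext = (filename.split('.').pop() || '').toLowerCase();
  const isSvg =
    ext === 'svg' || /image\/svg\+xml/i.test(contentType) || /<\s*svg\b/i.test(body.slice(0, 4096));
  if (!isSvg) {
    return { allowed: true, findings: [], headers: { 'Content-Type': contentType } };
  }
  const findings = scanSvg(body);
  if (findings.length > 0) {
    return { allowed: false, findings, headers: null };
  }
  return {
    allowed: true,
    findings: [],
    headers: {
      'Content-Type': 'image/svg+xml',
      // Browsers honour Content-Disposition only for navigations: a direct visit to the
      // storage URL downloads the file instead of rendering it as a document, while
      // <img src="..."> embeds in notes keep rendering (and never run script anyway).
      'Content-Disposition': 'attachment',
    },
  };
}

// Constructed sample uploads for this example (not real CodiMD traffic).
const SAMPLES = [
  ['logo.svg', 'image/svg+xml',
    '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><script>alert(document.domain)</script></svg>'],
  ['link.svg', 'image/svg+xml',
    '<svg xmlns="http://www.w3.org/2000/svg"><a href="&#x6A;avascript:alert(1)"><text y="10">x</text></a></svg>'],
  ['dot.svg', 'image/svg+xml',
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'],
];
for (const [name, type, body] of SAMPLES) {
  console.log(name, JSON.stringify(uploadPolicy(name, type, body)));
}
```

The scan is deliberately a reject-list applied after entity decoding, so it is a second layer rather than a replacement for refusing SVG uploads outright; the `Content-Disposition: attachment` header is what closes the direct-navigation path on a store that cannot carry a CSP header of its own.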