PT-2023-11517 · Phachon · Phachon Mm-Wiki
0X2E
·
Published
2023-04-04
·
Updated
2023-04-10
·
CVE-2020-19277
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Phachon mm-wiki version 0.1.2
Description
A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. This could allow a remote attacker to execute arbitrary code, and any user browsing the document containing malicious code will trigger the issue.
Recommendations
For Phachon mm-wiki version 0.1.2, consider disabling the markdown editor until a patch is available to prevent exploitation. Restrict access to documents that may contain malicious JavaScript code to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phachon Mm-Wiki