Headline
CVE-2022-36080: Prevent Cross-site Scripting when editing makdown file
Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user’s session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue.
High
Linbreux published GHSA-9m4m-6gqx-gfj3
Sep 4, 2022
Package
wiki.py (wikmd)
Affected versions
< 1.7.0
Patched versions
>= 1.7.1
Description
Impact
An attacker could capture user’s session cookies or execute malicious Javascript
Severity
High
CVE ID
CVE-2022-36080
Weaknesses
CWE-79
Credits
- Mephue