Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-f7rp-xx67-4pj9: Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)

Phachon mm-wiki v.0.1.2 vulnerable to stored cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. Any user browsing the document containing XSS malicious code will trigger the vulnerability.

ghsa
Open in Source
#xss#vulnerability#git#java
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2020-19277

Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)

Moderate severity GitHub Reviewed Published Apr 4, 2023 to the GitHub Advisory Database • Updated Apr 5, 2023

Package

gomod github.com/phachon/mm-wiki (Go)

Affected versions

<= 0.1.2

Phachon mm-wiki v.0.1.2 vulnerable to stored cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. Any user browsing the document containing XSS malicious code will trigger the vulnerability.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2020-19277
  • phachon/mm-wiki#68

Published to the GitHub Advisory Database

Apr 4, 2023

Related news

CVE-2020-19277: Vulnerability: Stored XSS and CSRF · Issue #68 · phachon/mm-wiki

Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.

ghsa: Latest News

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks
ghsa