Vulnerability Details CVE-2022-36080
Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/Linbreux/wikmd/commit/259412c47d64d5b85980f95345179fbf05927798
- https://github.com/Linbreux/wikmd/security/advisories/GHSA-9m4m-6gqx-gfj3
- https://github.com/Linbreux/wikmd/commit/259412c47d64d5b85980f95345179fbf05927798
- https://github.com/Linbreux/wikmd/security/advisories/GHSA-9m4m-6gqx-gfj3
Products affected by CVE-2022-36080
-
cpe:2.3:a:wikmd_project:wikmd:-
-
cpe:2.3:a:wikmd_project:wikmd:1.0
-
cpe:2.3:a:wikmd_project:wikmd:1.1
-
cpe:2.3:a:wikmd_project:wikmd:1.2
-
cpe:2.3:a:wikmd_project:wikmd:1.3
-
cpe:2.3:a:wikmd_project:wikmd:1.4
-
cpe:2.3:a:wikmd_project:wikmd:1.4.1
-
cpe:2.3:a:wikmd_project:wikmd:1.4.2
-
cpe:2.3:a:wikmd_project:wikmd:1.4.3
-
cpe:2.3:a:wikmd_project:wikmd:1.4.4
-
cpe:2.3:a:wikmd_project:wikmd:1.5
-
cpe:2.3:a:wikmd_project:wikmd:1.5.1
-
cpe:2.3:a:wikmd_project:wikmd:1.6
-
cpe:2.3:a:wikmd_project:wikmd:1.6.1
-
cpe:2.3:a:wikmd_project:wikmd:1.6.2
-
cpe:2.3:a:wikmd_project:wikmd:1.7.0