Vulnerabilities

CVE-2025-46654

by Fred · 26/04/2025

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

More information : https://github.com/hackmdio/codimd/issues/1910

Similar

Tags: Cybersecurity Alert