CVE-2025-46654

Published
CVSS v3: 4.9 (MEDIUM)
CVSS v2: N/A
Affected: 2 projects

Description

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

CodiMD - Realtime collaborative markdown notes on all platforms.