Disclosure Date 2020/11/16
CVE-2020-5672
Stored Cross-site Scripting in KonaWiki3
KonaWiki3の格納型クロスサイトスクリプティング
Credit
stypr (@stereotype32)
Affected-Versions
- KonaWiki3.1.1 and earlier
CWE
CWE-79
Description
Because the sanitizing process is not performed properly, an arbitrary script is executed on the web browser of the user who accesses a wiki page containing a specially crafted content written by an attacker.