Disclosure Date 2020/11/16

CVE-2020-5673

Reflected Cross-site Scripting in KonaWiki3

KonaWiki3の反射型クロスサイトスクリプティング

Credit

stypr (@stereotype32)

Affected-Versions

  • KonaWiki3.1.1 and earlier

CWE

  • CWE-79

Description

Because the sanitizing process is not performed properly, an arbitrary web script is executed on the web browser of the user who accesses a specially crafted URL.

Back