Disclosure Date 2022/08/22

CVE-2022-27637

Cross-site Scripting in PukiWiki

PukiWikiにおけるXSS(クロスサイトスクリプティング)

Credit

stypr (@stereotype32)

Affected-Versions

1.5.3 and earlier

CWE

CWE-79

Description

Cross-site scripting vulnerability due to the inadequate tag sanitization in PukiWiki versions v1.5.3 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted URL.

Back