216.73.217.50

CVE-2017-20239

· Published 12/04/2026 13:16 · Modified 13/04/2026 15:01

Labels: CVE-2017-20239 2026-04-12CVE-2017-20239CWE-79[email protected]

Essential information

Published
12/04/2026 13:16
Modified
13/04/2026 15:01
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mdwiki / mdwiki cpe:2.3:a:mdwiki:mdwiki:*:*:*:*:*:*:*:*

References