Codimd

1 CVE for this product


CVE-2025-46654 MEDIUM POC This Month

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code is available, and no vendor patch is available.

XSS Codimd
NVD GitHub
CVSS 3.1: 4.9
EPSS: 0.2%