CVE-2025-46654 – CodiMD through 2.2.0 has a CSP-based protection me

April 26, 2025

CVE ID : CVE-2025-46654

Published : April 26, 2025, 9:15 p.m. | 1 hour, 48 minutes ago

Description : CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46655 – CodiMD AWS S3 SVG XSS Bypass

Next Article CVE-2025-46653 – Formidable File Name Guessing Vulnerability

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

Developing a Serverless Blogging Platform with AWS Lambda and Python

YAML files in DBT

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

CVE-2025-46654 – CodiMD through 2.2.0 has a CSP-based protection me

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

bmk is a command-line bookmark manager

CVE-2025-48266 – RealMag777 Active Products Tables for WooCommerce Stored Cross-site Scripting

Commvault Updates Security Advisory After Nation-State Threat Actor Activity in Azure

Understanding CSS Perspective: Bringing Depth to Your Designs

CVE-2025-47302 – Apache HTTP Server Unvalidated User Input

Best home automation systems 2025: I’m a smart home reviewer and these are the top ones

CVE-2025-49073 – Axiomthemes Sweet Dessert Deserialization of Untrusted Data Object Injection Vulnerability

Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges

CVE-2025-46654 – CodiMD through 2.2.0 has a CSP-based protection me

Related Posts