CVE-2024-53930

MEDIUM

WikiDocs < 1.0.65 - Authenticated Stored Cross-Site Scripting via KaTeX Parser

Title source: llm

WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser.

Core 6

Core References

Various Sources

Various Sources

Patch

Issue Tracking

Issue Tracking

Release Notes

CVSS v3 5.4

EPSS 0.0043

EPSS Percentile 34.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-79

Status published

Published Nov 25, 2024

Tracked Since Feb 18, 2026