CVE-2025-46655

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.

CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.

CodiMD hasta la versión 2.5.4 cuenta con un mecanismo de protección basado en CSP contra XSS mediante la carga de documentos SVG que contienen JavaScript, pero este mecanismo puede omitirse en ciertos casos de almacenamiento de archivos de origen diferente, como AWS S3. NOTA: Esto puede considerarse un error del usuario si se utiliza AWS para alojar contenido JavaScript no confiable, pero la arquitectura seleccionada dentro de AWS no cuenta con componentes que permitan insertar encabezados Content-Security-Policy.