CVE-2017-20239

MEDIUM 6.1

MDwiki Cross-Site Scripting via Location Hash Parameter

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

11th

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without sanitization, causing the injected scripts to execute in the victim's browser context.

CWE	CWE-79
Vendor	dynalon
Product	mdwiki
Published	Apr 12, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for dynalon mdwiki

Be the first to know when new medium vulnerabilities affecting dynalon mdwiki are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

Dynalon / MDwiki

0.6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46097 vulncheck.com: https://www.vulncheck.com/advisories/mdwiki-cross-site-scripting-via-location-hash-parameter