HIGH🇵🇱 Wersja polska

CVE-2021-39175

CVSS 8.1v3.1pub. 2021-08-30upd. 2024-11-21

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  • Hedgedoc

    APP
    Hedgedoc
    < 1.9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassXSS
CWE
References

Related vulnerabilities

CVE-2021-29475CRITICAL10.0ten sam produkt

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to re...

CVE-2021-29503HIGH8.1ten sam produkt

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-sit...

CVE-2021-21259HIGH7.4ten sam produkt

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc bef...

CVE-2020-26287HIGH8.7ten sam produkt

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an att...

CVE-2020-26286HIGH7.5ten sam produkt

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an una...