HIGH🇬🇧 English

CVE-2021-39175

CVSS 8.1v3.1pub. 2021-08-30upd. 2024-11-21

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  • Hedgedoc

    APP
    Hedgedoc
    < 1.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassXSS
CWE
Referencje

Powiązane podatności

CVE-2021-29475CRITICAL10.0ten sam produkt

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to re...

CVE-2021-29503HIGH8.1ten sam produkt

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-sit...

CVE-2021-21259HIGH7.4ten sam produkt

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc bef...

CVE-2020-26287HIGH8.7ten sam produkt

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an att...

CVE-2020-26286HIGH7.5ten sam produkt

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an una...