HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page to inject arbitrary JavaScript into the speaker notes of the slideshow mode feature.
CPE | Name | Operator | Version |
---|---|---|---|
hedgedoc hedgedoc | lt | 1.9.0 |