Lucene search
China National Vulnerability DatabaseCNVD-2021-93909HistoryAug 31, 2021 - 12:00 a.m.
HedgeDoc Cross-Site Scripting Vulnerability (CNVD-2021-93909)
2021-08-3100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
43.5%
HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page to inject arbitrary JavaScript into the speaker notes of the slideshow mode feature.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hedgedoc hedgedoc | lt | 1.9.0 |
Related
cve
cve
CVE-2021-39175
2021-08-30 21:15:09
prion
prion
Code injection
2021-08-30 21:15:00
nvd
nvd
CVE-2021-39175
2021-08-30 21:15:09
osv
osv
CVE-2021-39175
2021-08-30 21:15:09
archlinux
archlinux
[ASA-202109-1] hedgedoc: cross-site scripting
2021-09-14 00:00:00
cvelist
cvelist
CVE-2021-39175 XSS vector in slide mode speaker-view
2021-08-30 20:40:13