HedgeDoc 1.7.1 allows injection of arbitrary script tags via mermaid diagrams, allowing potential execution of arbitrary JavaScript on page load
Title | Published | Views | Family |
---|---|---|---|
Hedgedoc Cross-Site Scripting Vulnerability | 30 Dec 2020 00:00 | – | cnvd |
CVE-2020-26287 Stored XSS in mermaid diagrams | 28 Dec 2020 23:30 | – | cvelist |
Design/Logic Flaw | 29 Dec 2020 00:15 | – | prion |
CVE-2020-26287 | 29 Dec 2020 00:15 | – | nvd |
CVE-2020-26287 | 29 Dec 2020 00:15 | – | osv |
[
  {
    "product": "hedgedoc",
    "vendor": "hedgedoc",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.7.1"
      }
    ]
  }
]