4 matches found
CVE-2026-58487
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a...
CVE-2026-58487 HedgeDoc: Stored HTML injection via email local-part
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a...
CVE-2026-58487 HedgeDoc: Stored HTML injection via email local-part
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a...
CVE-2026-58487
HedgeDoc before version 1.11.0 is vulnerable to stored HTML injection via the local-part of registered email addresses. An attacker could register a specially crafted email, reuse the local-part as the display name, and inject HTML into pages viewed by others (publish, slide views, and collaborat...