Lucene search
K

117 matches found

NVD
NVD
added 2022/04/11 9:15 p.m.28 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS0.01082EPSS
Exploits0References3
Prion
Prion
added 2022/04/11 9:15 p.m.15 views

Design/Logic Flaw

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5CVSS5.2AI score0.01082EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/11 8:20 p.m.27 views

CVE-2022-24837 Enumerable upload file names in hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS5.5AI score0.01082EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/04/11 8:20 p.m.9 views

CVE-2022-24837 Enumerable upload file names in hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS5.2AI score0.01082EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/11 8:20 p.m.30 views

CVE-2022-24837 Enumerable upload file names in hedgedoc

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

5.3CVSS5.5AI score0.01082EPSS
Exploits0References3
CVE
CVE
added 2022/04/11 8:20 p.m.80 views

CVE-2022-24837

The CVE-2022-24837 entry corresponds to HedgeDoc: images uploaded since v1.9.1 generate enumerable filenames, enabling potential information leakage from private notes across all upload backends (except Lutim/imgur). The underlying issue is a predictable filename generation mechanism, which has b...

5.3CVSS5.1AI score0.01082EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.6 views

HedgeDoc 代码问题漏洞

Hedgedoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the Hedgedoc team. A security vulnerability exists in HedgeDoc version 1.9.1 and later versions, which stems from an uploaded image having an enumerable filename after uploading, resulting in the...

5.3CVSS5.7AI score0.01082EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2021/09/14 12:0 a.m.28 views

[ASA-202109-1] hedgedoc: cross-site scripting

Arch Linux Security Advisory ASA-202109-1 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-39175 Package : hedgedoc Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2331 Summary ======= The package hedgedoc before versi...

8.1CVSS2.2AI score0.00602EPSS
Exploits0References6
CNVD
CNVD
added 2021/08/31 12:0 a.m.20 views

HedgeDoc Cross-Site Scripting Vulnerability (CNVD-2021-93909)

HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...

8.1CVSS2.2AI score0.00602EPSS
Exploits0References1
OSV
OSV
added 2021/08/30 9:15 p.m.12 views

CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

6.1CVSS7.1AI score
Exploits0References4
NVD
NVD
added 2021/08/30 9:15 p.m.22 views

CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

8.1CVSS0.00602EPSS
Exploits0References4
Prion
Prion
added 2021/08/30 9:15 p.m.18 views

Code injection

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

4.3CVSS6.4AI score0.00602EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/08/30 8:40 p.m.21 views

CVE-2021-39175 XSS vector in slide mode speaker-view

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...

8.1CVSS8.2AI score0.00602EPSS
Exploits0References4
CVE
CVE
added 2021/08/30 8:40 p.m.57 views

CVE-2021-39175

HedgeDoc prior to version 1.9.0 is vulnerable to cross-site scripting in the slide-mode speaker-notes. An unauthenticated attacker can inject arbitrary JavaScript by embedding an iframe hosting malicious code into the slides or by embedding the HedgeDoc instance into another page. The issue is fi...

8.1CVSS6.7AI score0.00602EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/30 12:0 a.m.6 views

PT-2021-22433 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.9.0 Description: HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by...

8.1CVSS6.6AI score0.00602EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.6 views

Hedgedoc 跨站脚本漏洞

HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...

8.1CVSS5.6AI score0.00602EPSS
Exploits0References5
NVD
NVD
added 2021/05/19 8:15 p.m.20 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

8.1CVSS0.01037EPSS
Exploits0References3
OSV
OSV
added 2021/05/19 8:15 p.m.12 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

6.1CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2021/05/19 8:15 p.m.16 views

Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

4.3CVSS5.9AI score0.01037EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/05/19 7:55 p.m.70 views

CVE-2021-29503

HedgeDoc before 1.8.2 is vulnerable to XSS via YAML-metadata in notes. An attacker with write access can embed HTML in Open Graph metadata, causing the frontend to render a script tag in the head; unauthenticated edits possible if guests can edit, otherwise authenticated users with write access c...

8.1CVSS6.3AI score0.01037EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder