49 matches found
CVE-2024-22778
HackMD CodiMD 2.5.2 is vulnerable to Denial of Service...
CVE-2024-22778
HackMD CodiMD versions before 2.5.2 are vulnerable to Denial of Service. Affected software: HackMD CodiMD prior to 2.5.2. Root cause and impact: DoS vulnerability with CWEs not specified in the documents; CVSSv3.1 base score 7.5 (Network exploitation, Low attack complexity, No privileges, No user...
CVE-2021-29474
CVE-2021-29474 affects HedgeDoc (CodiMD). The vulnerability allows relative path traversal via improper input validation in the note creation flow: a URL-encoded alias is passed through the router into noteController.showNote, then into findNote/parseNoteId, ultimately using a possibly unva...
CVE-2019-15499
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
Cross site scripting
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
CVE-2019-15499
CVE-2019-15499 affects CodiMD 1.3.1. In Safari, an XSS can be triggered via an IFRAME element with allow-top-navigation in the sandbox attribute when used with a data: URL. Multiple sources (NVD, Red Hat advisory, OSV, CVE lists) corroborate this description. No explicit patch/version remediation...