2 matches found
CVE-2021-29503
HedgeDoc before 1.8.2 is vulnerable to XSS via YAML-metadata in notes. An attacker with write access can embed HTML in Open Graph metadata, causing the frontend to render a script tag in the head; unauthenticated edits possible if guests can edit, otherwise authenticated users with write access c...
CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes
HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...