4 matches found
CVE-2021-39175
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...
[ASA-202109-1] hedgedoc: cross-site scripting
Arch Linux Security Advisory ASA-202109-1 ========================================= Severity: High Date : 2021-09-14 CVE-ID : CVE-2021-39175 Package : hedgedoc Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2331 Summary ======= The package hedgedoc before versi...
CVE-2021-39175 XSS vector in slide mode speaker-view
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into...
CVE-2021-39175
HedgeDoc prior to version 1.9.0 is vulnerable to cross-site scripting in the slide-mode speaker-notes. An unauthenticated attacker can inject arbitrary JavaScript by embedding an iframe hosting malicious code into the slides or by embedding the HedgeDoc instance into another page. The issue is fi...