Lucene search
K

4 matches found

NVD
NVD
added 2025/04/10 2:15 p.m.15 views

CVE-2025-32391

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

6.4CVSS0.003EPSS
Exploits0References4
CVE
CVE
added 2025/04/10 1:11 p.m.70 views

CVE-2025-32391

HedgeDoc has a vulnerability (CVE-2025-32391) up to version 1.10.2 where uploading a malicious SVG can trigger cross-site scripting when the file is opened in a new tab, via the GitHub Gist JSONP embedding feature. The issue affects instances using the local filesystem upload backend or configura...

6.4CVSS6.1AI score0.003EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/04/10 1:11 p.m.22 views

CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

6.4CVSS0.003EPSS
Exploits0References4
OSV
OSV
added 2025/04/10 1:11 p.m.10 views

CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.3, a malicious SVG file uploaded to HedgeDoc results in the possibility of XSS when opened in a new tab instead of the editor itself. The XSS is possible by exploiting the JSONP capabilities of GitHub...

6.4CVSS6AI score0.003EPSS
Exploits0References6
Rows per page
Query Builder