6 matches found
EUVD-2024-37277
Malicious code in bioql PyPI...
CVE-2024-38354
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This...
CVE-2024-38354
CVE-2024-38354 affects CodiMD/HackMD.io notes, where the notebook feature allows rendering of iframe HTML tags with an improperly sanitized name attribute, enabling DOM clobbering-based XSS. The issue, fixed in version 2.5.4, impacts note collaboration environments that render untrusted HTML. No ...