Codimd Security Vulnerabilities and Issues — Codimd CVE List

Lucene search

HackmdioCodimd

3 matches found

CVE•added 2025/04/26 9:15 p.m.•47 views

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

4.9CVSS6.1AI score0.00038EPSS

CVE•added 2024/07/10 8:15 p.m.•46 views

CVE-2024-38353

CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to acc...

5.3CVSS5.6AI score0.01443EPSS

CVE•added 2024/07/10 8:15 p.m.•43 views

CVE-2024-38354

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This ...

8.1CVSS6.5AI score0.00276EPSS