CVE-2021-39175

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39175
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39175.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39175
Related
  • GHSA-j748-779h-9697
Published
2021-08-30T21:15:09Z
Modified
2025-01-08T08:16:17.766935Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/hedgedoc/hedgedoc

Affected ranges

Type
GIT
Repo
https://github.com/hedgedoc/hedgedoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.5.0

1.*

1.0.0-ce
1.0.1-ce
1.1.0-ce
1.1.1-ce
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.4.0
1.5.0
1.6.0
1.7.0
1.7.0-rc1
1.7.0-rc2
1.7.1
1.7.2
1.8.0
1.8.0-rc1
1.8.1
1.8.2
1.9.0-rc1

v0.*

v0.3.3
v0.3.4