Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XSS vector in slide mode speaker-view
Vulnerability Description
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Hedgedoc 跨站脚本漏洞
Vulnerability Description
HedgeDoc是HedgeDoc团队的一个基于Javascript的Markdown文档实时编辑分享平台。 HedgeDoc 1.9.0之前版本存在跨站脚本漏洞,未经身份验证的攻击者可以通过将托管恶意代码的iframe嵌入幻灯片或将HedgeDoc实例嵌入另一个页面,将任意JavaScript注入幻灯片模式功能的演讲者备注中。
CVSS Information
N/A
Vulnerability Type
N/A