Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HedgeDoc security headers for uploaded files were not working
Vulnerability Description
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.6, files served below the /uploads/ endpoint did not use a more strict security-policy. This resulted in a too open Content-Security-Policy and furthermore opened the possibility to host malicious interactive web content (such as fake login forms) using SVG files. This vulnerability is fixed in 1.10.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HedgeDoc 跨站脚本漏洞
Vulnerability Description
HedgeDoc是HedgeDoc团队的一个基于Javascript的Markdown文档实时编辑分享平台。 HedgeDoc 1.10.6之前版本存在跨站脚本漏洞,该漏洞源于/uploads/端点下的文件未使用更严格的安全策略,可能导致托管恶意交互式Web内容。
CVSS Information
N/A
Vulnerability Type
N/A