Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38354 | 1 Hackmd | 1 Codimd | 2024-11-21 | N/A | 8.1 HIGH |
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4. | |||||
CVE-2019-15499 | 2 Apple, Hackmd | 2 Safari, Codimd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL. |