Vulnerabilities (CVE)

Filtered by vendor Hackmd Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-38354 1 Hackmd 1 Codimd 2024-11-21 N/A 8.1 HIGH
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
CVE-2019-15499 2 Apple, Hackmd 2 Safari, Codimd 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.