VYPR
Unrated severityNVD Advisory· Published Jul 10, 2024· Updated Aug 2, 2024

Cross-site Scripting in Hackmd.io Notes lead by HTML Injection

CVE-2024-38354

Description

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Hackmdio/Codimdllm-fuzzy2 versions
    <2.5.4+ 1 more
    • (no CPE)range: <2.5.4
    • (no CPE)range: < 2.5.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.