Hackmdio
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-46655 | | Med | 0.32 | 4.9 | 0.00 | | Apr 26, 2025 | CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for… |
| CVE-2025-46654 | | | 0.00 | — | 0.00 | | Apr 26, 2025 | CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file. |
| CVE-2024-38353 | | | 0.00 | — | 0.01 | | Jul 10, 2024 | CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid… |
| CVE-2024-38354 | | | 0.00 | — | 0.00 | | Jul 10, 2024 | CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks… |
| CVE-2024-22778 | | | 0.00 | — | 0.01 | | Feb 21, 2024 | HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. |