CNNVD-202602-959 Information
CNNVD ID
CNNVD-202602-959
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
HedgeDoc是HedgeDoc团队的一个基于Javascript的Markdown文档实时编辑分享平台。 HedgeDoc 1.10.6之前版本存在跨站脚本漏洞,该漏洞源于/uploads/端点下的文件未使用更严格的安全策略,可能导致托管恶意交互式Web内容。
Description (English)
HedgeDoc is a real-time editing platform for Markdown documents based on Javascript for the HedgeDoc team. HedgeDoc 1.10.6 has a cross-site script loophole, which stems from the fact that documents under /uploads/ends do not use more stringent security strategies and may lead to the hosting of malicious interactive Web content.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
HedgeDoc
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/hedgedoc/hedgedoc/commit/74daa0e7a1cbfafd9aeb255eaf064dfe47cd401c https://github.com/hedgedoc/hedgedoc/commit/b930fe04cee92cd4723044030bb59c36781c7137 https://github.com/hedgedoc/hedgedoc/releases/tag/1.10.6 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-x74j-jmf9-534w