exploitDog

CVE-2024-38354

Опубликовано: 10 июл. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 6.1

EPSS Низкий

Описание

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.

Ссылки

https://github.com/hackmdio/codimd/security/advisories/GHSA-22jv-vch8-2vp9
Exploit
Vendor Advisory
https://github.com/hackmdio/codimd/security/advisories/GHSA-22jv-vch8-2vp9
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hackmd:codimd:*:*:*:*:*:*:*:*

Версия до 2.5.4 (исключая)

EPSS

Процентиль: 76%

0.00965

Низкий

8.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

EPSS

Процентиль: 76%

0.00965

Низкий

8.1 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79