Security Advisory

CVE-2024-38354

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-10 19:49:55

Last updated 2024-08-02 04:04:25

Assigner GitHub_M

State PUBLISHED

Description

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.

← Browse all CVEs View on cve.org ↗