AVG-2331 log

Package hedgedoc
Status Fixed
Severity High
Type cross-site scripting
Affected 1.8.2-1
Fixed 1.9.0-1
Current 1.9.0-1 [community]
Ticket None
Created Tue Aug 31 08:02:46 2021
Issue Severity Remote Type Description
CVE-2021-39175 High Yes Cross-site scripting
In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by...
Date Advisory Package Type
14 Sep 2021 ASA-202109-1 hedgedoc cross-site scripting