AVG-2331 log
| Package | hedgedoc |
| Status | Fixed |
| Severity | High |
| Type | cross-site scripting |
| Affected | 1.8.2-1 |
| Fixed | 1.9.0-1 |
| Current | 1.10.3-1 [extra] |
| Ticket | None |
| Created | Tue Aug 31 08:02:46 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-39175 | High | Yes | Cross-site scripting | In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 14 Sep 2021 | ASA-202109-1 | hedgedoc | cross-site scripting |