[manjaro-security] [ASA-202109-1] hedgedoc: cross-site scripting
Jonas Witschel via arch-security
arch-security at lists.archlinux.org
Wed Sep 15 10:47:45 CEST 2021
Arch Linux Security Advisory ASA-202109-1
Date : 2021-09-14
CVE-ID : CVE-2021-39175
Package : hedgedoc
Type : cross-site scripting
Remote : Yes
Link : https://security.archlinux.org/AVG-2331
The package hedgedoc before version 1.9.0-1 is vulnerable to cross-site
Upgrade to 1.9.0-1.
# pacman -Syu "hedgedoc>=1.9.0-1"
The problem has been fixed upstream in version 1.9.0.
In HedgeDoc versions prior to 1.9.0, an unauthenticated attacker can
feature by embedding an iframe hosting the malicious code into the
slides or by embedding the HedgeDoc instance into another page.
code in the slide mode of HedgeDoc.