CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T04:04:25.208Z
Reserved: 2024-06-14T14:16:16.464Z
Link: CVE-2024-38354

Updated: 2024-07-11T15:04:14.556Z

Status : Modified
Published: 2024-07-10T20:15:04.293
Modified: 2024-11-21T09:25:25.717
Link: CVE-2024-38354

No data.