Published: 29/12/2020 Updated: 30/12/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.7 | Impact Score: 5.8 | Exploitability Score: 2.3

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hedgedoc hedgedoc

CWE-79 https://github.com/hedgedoc/hedgedoc/releases/tag/1.7.1 https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p https://github.com/Alemmi/ctf-writeups/blob/main/hxpctf-2020/hackme/solution.md https://github.com/hackmdio/codimd/issues/1630 https://github.com/hedgedoc/hedgedoc/commit/58276ebbf4504a682454a3686dcaff88bc1069d4 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-26287

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect