Vulnerabilities in HackMD
2 resultsCVE-2025-46654MEDIUMCodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploadiEPSS 0.2%CVE-2025-46655MEDIUMCodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be byEPSS 0.2%