Vulnerabilities in hedgedoc
13 results

CVE-2021-29474 | MEDIUM | Relative Path Traversal Attack on note creation | EPSS 1.6%
CVE-2020-26287 | HIGH | Stored XSS in mermaid diagrams | EPSS 1.4%
CVE-2020-26286 | HIGH | Arbitrary file upload | EPSS 1.4%
CVE-2021-21259 | HIGH | Stored XSS in slide mode | EPSS 1.4%
CVE-2021-29475 | CRITICAL | PDF export allows arbitrary file reads | EPSS 1.2%
CVE-2022-24837 | MEDIUM | Enumerable upload file names in hedgedoc | EPSS 1.1%
CVE-2021-29503 | HIGH | Improper Neutralization of Script-Related HTML Tags in Notes | EPSS 1.0%
CVE-2023-38487 | MEDIUM | HedgeDoc API allows to hide existing notes | EPSS 0.7%
CVE-2021-39175 | HIGH | XSS vector in slide mode speaker-view | EPSS 0.6%
CVE-2024-45308 | MEDIUM | MySQL & free URL mode allows to hide existing notes in hedgedoc | EPSS 0.6%
CVE-2025-32391 | MEDIUM | HedgeDoc allows XSS possibility through malicious SVG uploads | EPSS 0.3%
CVE-2026-25642 | MEDIUM | HedgeDoc security headers for uploaded files were not working | EPSS 0.2%
CVE-2025-66629 | LOW | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF | EPSS 0.1%