PT-2026-6783 · Hedgedoc · Hedgedoc

Huseynkhanli

·

Publicado

2026-02-06

·

Atualizado

2026-02-25

·

CVE-2026-25642

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.10.6
Description HedgeDoc is a real-time, collaborative, markdown notes application. Versions before 1.10.6 had a permissive Content-Security-Policy for files served under the /uploads/ endpoint. This allowed for the hosting of malicious interactive web content, such as fake login forms, using SVG files. The /uploads/ API endpoint was affected.
Recommendations Update to version 1.10.6 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-25642
GHSA-X74J-JMF9-534W

Produtos afetados

Hedgedoc