CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38354

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.7%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2024-38354

Hackmd » Codimd » Version: N/A

cpe:2.3:a:hackmd:codimd:-
Hackmd » Codimd » Version: 0.3.3

cpe:2.3:a:hackmd:codimd:0.3.3
Hackmd » Codimd » Version: 0.3.4

cpe:2.3:a:hackmd:codimd:0.3.4
Hackmd » Codimd » Version: 0.4.0

cpe:2.3:a:hackmd:codimd:0.4.0
Hackmd » Codimd » Version: 0.4.1

cpe:2.3:a:hackmd:codimd:0.4.1
Hackmd » Codimd » Version: 0.4.2

cpe:2.3:a:hackmd:codimd:0.4.2
Hackmd » Codimd » Version: 0.4.3

cpe:2.3:a:hackmd:codimd:0.4.3
Hackmd » Codimd » Version: 0.4.4

cpe:2.3:a:hackmd:codimd:0.4.4
Hackmd » Codimd » Version: 0.4.5

cpe:2.3:a:hackmd:codimd:0.4.5
Hackmd » Codimd » Version: 0.4.6

cpe:2.3:a:hackmd:codimd:0.4.6
Hackmd » Codimd » Version: 0.5.0

cpe:2.3:a:hackmd:codimd:0.5.0
Hackmd » Codimd » Version: 0.5.1

cpe:2.3:a:hackmd:codimd:0.5.1
Hackmd » Codimd » Version: 1.0.0

cpe:2.3:a:hackmd:codimd:1.0.0
Hackmd » Codimd » Version: 1.0.1

cpe:2.3:a:hackmd:codimd:1.0.1
Hackmd » Codimd » Version: 1.1.0

cpe:2.3:a:hackmd:codimd:1.1.0
Hackmd » Codimd » Version: 1.1.1

cpe:2.3:a:hackmd:codimd:1.1.1
Hackmd » Codimd » Version: 1.2.0

cpe:2.3:a:hackmd:codimd:1.2.0
Hackmd » Codimd » Version: 1.2.1

cpe:2.3:a:hackmd:codimd:1.2.1
Hackmd » Codimd » Version: 1.3.0

cpe:2.3:a:hackmd:codimd:1.3.0
Hackmd » Codimd » Version: 1.3.1

cpe:2.3:a:hackmd:codimd:1.3.1
Hackmd » Codimd » Version: 1.4.0

cpe:2.3:a:hackmd:codimd:1.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38354

Products

Pricing

Contact Us