XSS in Hedgedoc
CVE-2026-58487
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Hedgedoc — versions < 1.11.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)