XSS in Hedgedoc

CVE-2026-58487

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its…

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References