Vulnerability Description
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included in markdown content, and those scripts execute when the content is published (a cross-site scripting issue). This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
7.6 (HIGH)
Related Weaknesses (CWE)
References
- https://github.com/sagemathinc/cocalc/commit/419862a9c9879c
- https://github.com/sagemathinc/cocalc/security/advisories/GHSA-8w44-hggw-p5rf
FAQ
What is CVE-2024-36109?
CVE-2024-36109 is a vulnerability with a CVSS score of 7.6 (HIGH). CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published.
How severe is CVE-2024-36109?
CVE-2024-36109 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-36109?
Yes. The fix is in commit `419862a9c9879c`; the references section above links that commit and the GitHub advisory GHSA-8w44-hggw-p5rf. Review vendor security bulletins for remediation guidance.