Description
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-35885 | CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
References
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T03:30:13.042Z
Reserved: 2024-05-20T21:07:48.186Z
Link: CVE-2024-36109
Updated: 2024-08-02T03:30:13.042Z
Status : Deferred
Published: 2024-05-28T19:15:10.910
Modified: 2026-06-17T07:36:07.397
Link: CVE-2024-36109
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD