Cross-Site Scripting in gitbook
Moderate severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Sep 12, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 1, 2020
Last updated
Sep 12, 2023
Affected versions of
gitbookdo not properly sanitize user input outside of backticks, which may result in cross-site scripting in the online reader.Recommendation
Update to version 3.2.2 or later.
References