PT-2018-11016 · Airbnb · Airbnb Knowledge Repo

Ekzorcisto · Published 2018-06-17 · Updated 2022-05-14 · CVE-2018-12104

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Airbnb Knowledge Repo versions 0.7.4 through 0.8.x
Airbnb Knowledge Repo versions prior to 0.9.0

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the "post/posts/new_report.kp" URI. This could potentially affect a significant number of devices, but the exact number is not specified.

Recommendations

For Airbnb Knowledge Repo versions 0.7.4 through 0.8.x, update to version 0.9.0 or later. For Airbnb Knowledge Repo versions prior to 0.9.0, update to version 0.9.0 or later. As a temporary workaround, consider restricting access to the post comments functionality until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-12104
GHSA-XMW7-848P-P95W
PYSEC-2018-116

Affected Products

Airbnb Knowledge Repo