PT-2018-6049 · Gitbook · Gitbook
Bkimminich
·
Publicado
2018-06-04
·
Atualizado
2020-09-01
·
CVE-2017-16019
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
GitBook versions prior to 3.2.2
Description:
The issue allows for Stored Cross-Site-Scripting (XSS) by including code outside of backticks in any ebook, which will be executed on the online reader. This is due to improper sanitization of user input outside of backticks.
Recommendations:
Update to version 3.2.2 or later. As a temporary workaround, consider avoiding the use of code outside of backticks in ebooks until the issue is resolved.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gitbook