Airbnb · Airbnb Knowledge Repo · CVE-2018-12104
**Name of the Vulnerable Software and Affected Versions**
Airbnb Knowledge Repo versions 0.7.4 through 0.8.x
Airbnb Knowledge Repo versions prior to 0.9.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the "post/posts/new report.kp" URI. This could potentially affect a significant number of devices, but the exact number is not specified.
**Recommendations**
For Airbnb Knowledge Repo versions 0.7.4 through 0.8.x, update to version 0.9.0 or later.
For Airbnb Knowledge Repo versions prior to 0.9.0, update to version 0.9.0 or later.
As a temporary workaround, consider restricting access to the post comments functionality until the update to version 0.9.0 or later has been applied.
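To act on the recommendation above, the following added example (not code from the advisory or from the Knowledge Repo project) flags exact pins in a requirements file, and the version installed in the current Python environment, that sort before 0.9.0. The distribution name `knowledge-repo`, the helper names and the sample requirements lines are assumptions made for illustration.

```python
import re
from importlib import metadata

FIXED = (0, 9, 0)        # first fixed release named in the advisory
DIST = "knowledge-repo"  # assumed distribution name; not stated in the advisory
_VER = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")
_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")
_PRE = re.compile(r"^[.-]?(a|b|rc|alpha|beta|dev|pre)", re.I)

def is_affected(version):
    """True if version sorts before 0.9.0, None if it cannot be parsed."""
    m = _VER.match(version.strip())
    if not m:
        return None
    nums = tuple(int(g or 0) for g in m.group(1, 2, 3))
    # 0.9.0rc1 / 0.9.0.dev1 precede 0.9.0, so they still count as "prior to".
    return nums < FIXED or (nums == FIXED and bool(_PRE.match(m.group(4))))

def audit_requirements(lines):
    """Return (line_no, version, affected) for every exact pin of DIST."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = _PIN.match(line)
        # Names compare case-insensitively with -, _ and . treated alike.
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == DIST:
            findings.append((no, m.group(2), is_affected(m.group(2))))
    return findings

def installed_status():
    """(version, affected) for the current environment, None if absent."""
    try:
        version = metadata.version(DIST)
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample requirements file, not taken from any real project.
SAMPLE = [
    "flask==1.0.2",
    "knowledge_repo[all]==0.8.1   # pinned",
    "Knowledge-Repo==0.9.0rc1",
    "knowledge-repo==0.9.0",
]

if __name__ == "__main__":
    for no, ver, bad in audit_requirements(SAMPLE):
        print(f"line {no}: {DIST} {ver} -> {'AFFECTED' if bad else 'ok'}")
    print("installed:", installed_status())
```

Only exact `==` pins are evaluated; range specifiers and unpinned entries need a resolver or a lock file to determine which version actually gets installed.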