Tommoor

**Name of the Vulnerable Software and Affected Versions** Outline versions 0.72.0 through 0.83.0 **Description** Outline, a collaborative documentation service, introduced a local file system storage feature in versions 0.72.0 through 0.83.0. This feature introduced a Content-Type bypass and a Cross-Site Scripting (CSP) bypass. When self-hosted and using `FILE STORAGE=local` on the same domain as the Outline application, a malicious payload could be uploaded as a file attachment, bypassing CSP restrictions and enabling script execution within another user’s context. **Recommendations** Update to version 0.84.0 or later.