Описание
Cross-site Scripting in BookStack
Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop this type of attack.
Пакеты
Наименование
ssddanbrown/bookstack
composer
Затронутые версииВерсия исправления
< 22.02.3
22.02.3
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.