CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40626 – Stored Cross-site Scripting (XSS) vulnerability in Outline editor
https://notcve.org/view.php?id=CVE-2024-40626
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious Javascript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. • https://github.com/outline/outline/security/advisories/GHSA-888c-mvg8-v6wh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3532 – Cross-site Scripting (XSS) - Stored in outline/outline
https://notcve.org/view.php?id=CVE-2023-3532
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. • https://github.com/outline/outline/commit/9431df45c210e85b77cd27f2ffaf0358b837afa3 https://huntr.dev/bounties/ebd2428a-e2cb-480e-ba37-dd89ad62cf1b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2342 – Cross-site Scripting (XSS) - Stored in outline/outline
https://notcve.org/view.php?id=CVE-2022-2342
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de Github outline/outline versiones anteriores a v0.64.4 • https://github.com/outline/outline/commit/85657b7340cdeaa696034f294489df8d6a4914d3 https://huntr.dev/bounties/b2caceaa-5b28-40ba-9980-70144159efba • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •