1 results (0.001 seconds)
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26297 – XSS in mdBook's search page
https://notcve.org/view.php?id=CVE-2020-26297
04 Jan 2021 — mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious s... • https://crates.io/crates/mdbook • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •