Cross-site Scripting (XSS) - Stored in outline/outline


Reported on

Jan 8th 2022


Outline is the fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. This package is vulnerable to stored XSS.

Proof of Concept


Or here is the original video


This vulnerability is capable of Stored XSS

We are processing your report and will contact the outline team within 24 hours. (18 days ago)
We have contacted a member of the outline team and are waiting to hear back. (17 days ago)
outline/outline maintainer validated this vulnerability. (15 days ago)
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
outline/outline maintainer confirmed that a fix has been merged on 84cc45. (15 days ago)
The fix bounty has been dropped