Cross-site Scripting (XSS) - Stored in outline/outline

Valid

Reported on Jan 8th 2022


Description

Outline is the fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. This package is vulnerable to stored XSS.

Proof of Concept

Imgur

Or here is the original video

Impact

This vulnerability is capable of Stored XSS

We are processing your report and will contact the outline team within 24 hours. (a year ago)
We have contacted a member of the outline team and are waiting to hear back. (a year ago)
outline/outline maintainer validated this vulnerability. (a year ago)
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
outline/outline maintainer marked this as fixed in v0.61.1 with commit 84cc45. (a year ago)
The fix bounty has been dropped
This vulnerability will not receive a CVE