Cross-site Scripting (XSS) - Stored in outline/outline


Reported on Jan 8th 2022


Outline is the fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. This package is vulnerable to stored XSS.

Proof of Concept


Or here is the original video


This vulnerability is capable of Stored XSS

We are processing your report and will contact the outline team within 24 hours. (a year ago)
We have contacted a member of the outline team and are waiting to hear back. (a year ago)
outline/outline maintainer validated this vulnerability. (a year ago)
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
outline/outline maintainer marked this as fixed in v0.61.1 with commit 84cc45. (a year ago)
The fix bounty has been dropped
This vulnerability will not receive a CVE