Cross-site Scripting (XSS) - Stored in outline/outline

Valid

Reported on Jan 8th 2022


Description

Outline is the fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible. This package is vulnerable to stored XSS.

Proof of Concept

Imgur

Or here is the original video

Impact

This vulnerability is capable of Stored XSS

We are processing your report and will contact the outline team within 24 hours. (9 days ago)
We have contacted a member of the outline team and are waiting to hear back. (8 days ago)
outline/outline maintainer validated this vulnerability. (6 days ago)
Abdul muhaimin has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
outline/outline maintainer confirmed that a fix has been merged on 84cc45. (6 days ago)
The fix bounty has been dropped.