28 matches found
EUVD-2020-0788
Malware in sbrugna...
EUVD-2022-4227
Malicious code in bioql PyPI...
MAL-2025-21478 Malicious code in gitbook-plugin-datadotworld (npm)
The package gitbook-plugin-datadotworld was found to contain malicious code...
CVE-2019-19596
GitBook through 2.6.9 allows XSS via a local .md file...
GHSA-HWGP-C653-6684 GitBook allows Cross-site Scripting via a local .md file.
GitBook through 2.6.9 allows Cross-site Scripting via JavaScript inclusion in a local .md file...
@zambezi/ez-doc (=1.0.0-prepare-for-open-source.1), apigeeks-devdocs (=1.0.5) +10 more potentially affected by CVE-2019-19596 via gitbook (>=0.0.1 <=2.6.6)
gitbook NPM version =0.0.1, =1.0.3, =0.0.1, =0.0.0, =0.0.2, =0.0.1, =1.5.0 - grunt-gitbook-install =1.0.0 - lab-devdocs =0.0.1 Source cves: CVE-2019-19596 Source advisory: OSV:GHSA-HWGP-C653-6684...
GHSA-5H5R-23R4-M87H Cross-Site Scripting in gitbook
Affected versions of gitbook do not properly sanitize user input outside of backticks, which may result in cross-site scripting in the online reader. Recommendation Update to version 3.2.2 or later...
@zambezi/ez-doc (=1.0.0-prepare-for-open-source.1), apigeeks-devdocs (=1.0.5) +10 more potentially affected by CVE-2017-16019 via gitbook (>=0.0.1 <=2.6.6)
gitbook NPM version =0.0.1, =1.0.3, =0.0.1, =0.0.0, =0.0.2, =0.0.1, =1.5.0 - grunt-gitbook-install =1.0.0 - lab-devdocs =0.0.1 Source cves: CVE-2017-16019 Source advisory: OSV:GHSA-5H5R-23R4-M87H...
GitBook Cross-Site Scripting Vulnerability
GitBook is a command-line tool for publishing and hosting books online. A cross-site scripting vulnerability exists in GitBook 2.6.9 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit the vulnerability...
Cross-Site Scripting (XSS)
gitbook is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary JavaScript into a victim's browser using a local .md file which is rendered when displayed in the browser...
CVE-2019-19596
GitBook through 2.6.9 allows XSS via a local .md file...
Cross site scripting
GitBook through 2.6.9 allows XSS via a local .md file...
CVE-2019-19596
The connected documents confirm CVE-2019-19596 affects GitBook up to version 2.6.9 and is a Cross‑Site Scripting (XSS) vulnerability triggered by a local .md file being rendered, enabling attacker‑controlled script to execute in the victim’s browser. Root cause details, affected environments, or ...
CVE-2019-19596
GitBook through 2.6.9 allows XSS via a local .md file...
PT-2019-15882 · Gitbook · Gitbook
Name of the Vulnerable Software and Affected Versions: GitBook versions 2.6.9 and earlier Description: The issue allows for Cross-site Scripting (XSS) via a local .md file, potentially through JavaScript inclusion. This could be exploited by an attacker to execute malicious scripts on a user's...
GitBook online reader cross-site scripting vulnerability
GitBook is a command-line tool for publishing and hosting books online. The online reader is one of the online reading modules. A cross-site scripting vulnerability exists in the online reader in GitBook versions prior to 3.2.2, which stems from the program failing to properly filter user input. A...