Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
6.1CVSS
6AI Score
0.001EPSS
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.
9.1CVSS
9.1AI Score
0.004EPSS