EPSS Percentile: 21.4%
ssddanbrown/bookstack is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of iframe tags in the CspService.php file, which allows an attacker to inject JavaScript through these tags.
github.com/bookstackapp/bookstack/commit/856fca8289b7370cafa033ea21c408e7d4303fd6
github.com/BookStackApp/BookStack/issues/3314
huntr.dev/bounties/b04df4e3-ae5a-4dc6-81ec-496248b15f3c