EPSS Percentile: 30.9%
libkiwix.so is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the searchURL parameter in its built-in webserver functionality, which allows an attacker to inject and execute malicious code.
github.com/kiwix/libkiwix/commit/f893777dc03f73e1f89fc3e92667a1587de6759a
github.com/kiwix/libkiwix/issues/728
github.com/kiwix/libkiwix/pull/721
lists.fedoraproject.org/archives/list/[email protected]/message/KD4KX5N2PGMIOQR2IZWEUTZCCTPWU3EJ/