Lucene search
GoogleOSV:GHSA-5RCC-6CMJ-7728HistoryMar 09, 2022 - 12:00 a.m.
Cross-site Scripting in BookStack
2022-03-0900:00:44
Google
osv.dev
7
bookstack
cross-site scripting
iframe
sandbox
malicious javascript
phishing
attack
software
EPSS
0.001
Percentile
21.4%
Iframe tags don’t have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop this type of attack.
Related
cvelist
cvelist
CVE-2022-0877 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
2022-03-08 12:40:09
github
github
Cross-site Scripting in BookStack
2022-03-09 00:00:44
prion
prion
Cross site scripting
2022-03-08 13:15:00
nvd
nvd
CVE-2022-0877
2022-03-08 13:15:08
huntr
huntr
Cross-site Scripting (XSS) - Stored
2022-03-05 14:24:54
cve
cve
CVE-2022-0877
2022-03-08 13:15:08
veracode
veracode
Cross-site Scripting (XSS)
2022-03-14 11:40:56
osv
osv
CVE-2022-0877
2022-03-08 13:15:08