github.com/documize/community is vulnerable to cross-site scripting (XSS). The application does not properly convert Markdown data into HTML, so an attacker can potentially inject and execute arbitrary JavaScript in a victim’s browser. The bluemonday HTML sanitizer is used to address this vulnerability.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/documize/community | eq | HEAD |
| | github.com/documize/community | le | 3.5.0 |