npm

Severity: low

Cross-Site Scripting

gitbook

Overview

Affected versions of gitbook do not properly sanitize user input outside of backticks, which may result in cross-site scripting in the online reader.

Remediation

Update to version 3.2.2 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 14th, 2017
  2. reported

    Initial report by Björn Kimminich
    Nov 28th, 2016