Filtered by vendor Getoutline Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-40626 1 Getoutline 1 Outline 2024-11-21 7.3 High
Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious Javascript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-37830 1 Getoutline 1 Outline 2024-11-21 4.3 Medium
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.
CVE-2024-37829 1 Getoutline 1 Outline 2024-11-21 8.8 High
An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link.
CVE-2023-3532 1 Getoutline 1 Outline 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1.
CVE-2022-2342 1 Getoutline 1 Outline 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.