Diplodoc Search Extension
Monthly
Stored cross-site scripting (XSS) in @diplodoc/search-extension versions 1.0.0 through 3.0.2 allows authenticated users to inject malicious scripts via the title field in Markdown files, which are then executed in the browsers of other users viewing the affected documentation. The vulnerability requires user interaction (rendered content must be viewed) and affects the confidentiality and integrity of affected systems. Vendor-released patch: version 3.0.3.
Stored cross-site scripting (XSS) in @diplodoc/search-extension versions 1.0.0 through 3.0.2 allows authenticated users to inject malicious scripts via the title field in Markdown files, which are then executed in the browsers of other users viewing the affected documentation. The vulnerability requires user interaction (rendered content must be viewed) and affects the confidentiality and integrity of affected systems. Vendor-released patch: version 3.0.3.