References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-79

https://github.com/suitenumerique/docs/commit/e807237dbedbc189230296b81c3aeccc1c04fa77

https://github.com/suitenumerique/docs/releases/tag/v4.4.0

https://github.com/suitenumerique/docs/security/advisories/GHSA-4rwv-ghwh-9rv6