LaSuite Doc affected by Stored XSS via Interlinking Block

LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacker with document editing privileges can inject a malicious javascript: URL that executes arbitrary code when other users click on the link. This vulnerability is fixed in 4.4.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

La Suite Docs 跨站脚本漏洞

La Suite Docs是La Suite numérique开源的一个可扩展的协作笔记、维基和文档平台。 La Suite Docs 3.8.0版本至4.3.0版本存在跨站脚本漏洞，该漏洞源于Interlinking功能未验证URL，可能导致存储型跨站脚本攻击。

N/A

N/A