Stored XSS Vulnerability in Outline Document Editor
CVE-2024-40626

Currently unrated

Key Information:

Vendor: Outline
CVE Published: 16 July 2024

What is CVE-2024-40626?

A stored XSS vulnerability has been identified in Outline, an open-source collaborative document editor. The issue arises from a type confusion flaw in ProseMirror’s rendering process, which lets an authenticated user inject malicious JavaScript into a document. When other users open the document, the payload executes within Outline's origin. Outline employs Content Security Policy (CSP) rules to limit third-party code execution, but in self-hosted configurations where file storage is on the same domain these protections can be bypassed, because harmful payloads can be uploaded as attachments. Users are strongly encouraged to upgrade to version 0.77.3, as there are currently no workarounds available.
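A triage check for the two conditions described above, as an added example (not code from Outline or from this advisory): whether an instance is below 0.77.3 and whether its attachments are served from the app's own origin. The function names, the `priority` labels and the sample hosts are hypothetical, and the check assumes the deployment's CSP allows scripts from its own origin.

```javascript
// Added example: all names here are hypothetical, not Outline's own code.
const FIXED_VERSION = [0, 77, 3]; // fixed release named in the advisory

// Parse "0.77.2" or "v0.77.2" into [major, minor, patch]; any suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version: ${v}`);
  return m.slice(1).map(Number);
}

// True when the given version is 0.77.3 or later.
function isPatched(version) {
  const cur = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (cur[i] !== FIXED_VERSION[i]) return cur[i] > FIXED_VERSION[i];
  }
  return true;
}

// True when attachments are served from the same origin as the app.
// A relative storage URL (files served by the app itself) resolves to the app origin.
function attachmentsShareOrigin(appUrl, fileStorageUrl) {
  const app = new URL(appUrl);
  const files = new URL(fileStorageUrl, app);
  return app.origin === files.origin;
}

// Combine both conditions into an upgrade priority for one deployment.
function assessOutline({ version, appUrl, fileStorageUrl }) {
  const patched = isPatched(version);
  const sameOrigin = attachmentsShareOrigin(appUrl, fileStorageUrl);
  let priority;
  if (patched) priority = "none";
  else if (sameOrigin) priority = "urgent"; // CSP does not contain an uploaded payload
  else priority = "high"; // still vulnerable; CSP remains a partial barrier
  return { patched, sameOrigin, priority };
}

// Constructed sample deployments (hosts and paths are not real).
const samples = [
  { version: "0.77.2", appUrl: "https://docs.example.test", fileStorageUrl: "/files" },
  { version: "0.77.2", appUrl: "https://docs.example.test", fileStorageUrl: "https://files.example.test/bucket" },
  { version: "0.77.3", appUrl: "https://docs.example.test", fileStorageUrl: "/files" },
];
for (const s of samples) console.log(s.version, s.fileStorageUrl, assessOutline(s));
```

Separating the file storage origin lowers the priority only because CSP is then still in effect; the advisory lists no workaround, so the upgrade is needed in every unpatched case.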



Timeline

  • Vulnerability published