vulnerability

FreeBSD: VID-40b481a9-9df7-11eb-9bc3-8c164582fbac (CVE-2020-26297): mdbook -- XSS in mdBook's search page

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Apr 15, 2021	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 15, 2021

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Rust Security Response Working Group reports: The search feature of mdBook (introduced in version 0.1.4) was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on an user's browser by tricking the user into typing a malicious search query, or tricking the user into clicking a link to the search page with the malicious search query prefilled. mdBook 0.4.5 fixes the vulnerability by properly escaping the search query.

Solution

freebsd-upgrade-package-mdbook

References

CVE-2020-26297
https://attackerkb.com/topics/CVE-2020-26297
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today