Cross-site Scripting
GitBook allows XSS via a local .md file.
Advisories for Npm/Gitbook package
2019
2018
Cross-site Scripting
gitook allows the injection of javascript code that be executed on the online reader.
2016
Cross Site Scripting
Stored Cross-Site-Scripting (XSS) is possible by including code outside of backticks in any ebook. This code will be executed on the online reader.