GHSA-5rcc-6cmj-7728

GitHub Security Advisory

Cross-site Scripting in BookStack

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Iframe tags don't have a sandbox attribute, which lets an attacker execute malicious JavaScript via an iframe and perform phishing attacks. The sandbox attribute blocks script execution and prevents the framed content from navigating its top-level browsing context, which stops this type of attack.
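An added example, not BookStack's code or its fix: a check a defender could run over stored page HTML to list iframes that have no sandbox attribute, or whose sandbox value re-enables script execution or top-level navigation. The function names, the sample markup and the embed.example hosts are constructed for illustration.

```python
from html.parser import HTMLParser

# Sandbox tokens that re-enable what the advisory relies on the sandbox to block:
# script execution and navigation of the top-level browsing context.
RISKY_TOKENS = {"allow-scripts", "allow-top-navigation",
                "allow-top-navigation-by-user-activation"}

# Constructed sample content; the hosts are placeholders.
SAMPLE_PAGE = """
<p>Constructed sample page content.</p>
<iframe src="https://embed.example/a"></iframe>
<iframe src="https://embed.example/b" sandbox></iframe>
<iframe src="https://embed.example/c" sandbox="allow-scripts allow-same-origin"></iframe>
<IFRAME SRC="https://embed.example/d" SANDBOX="allow-forms allow-top-navigation"></IFRAME>
"""


class IframeAudit(HTMLParser):
    """Collects (src, reason) for every iframe that is not safely sandboxed."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        attr_map = {}
        for name, value in attrs:
            attr_map.setdefault(name, value)  # browsers keep the first duplicate
        src = attr_map.get("src") or ""
        if "sandbox" not in attr_map:
            self.findings.append((src, "missing sandbox attribute"))
            return
        # A bare or empty sandbox attribute applies every restriction.
        tokens = set((attr_map["sandbox"] or "").lower().split())
        risky = sorted(tokens & RISKY_TOKENS)
        if risky:
            self.findings.append((src, "sandbox permits: " + ", ".join(risky)))


def audit_iframes(html):
    parser = IframeAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for src, reason in audit_iframes(SAMPLE_PAGE):
        print(f"{src}: {reason}")
```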

Affected Packages

Packagist ssddanbrown/bookstack
Affected versions: 0 (fixed in 22.02.3)

Related CVEs

Key Information

GHSA ID: GHSA-5rcc-6cmj-7728
Published: March 9, 2022 12:00 AM
Last Modified: March 14, 2022 9:03 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: Packagist
Primary Package: ssddanbrown/bookstack
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.