{"id":"PYSEC-2018-116","details":"Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI.","aliases":["CVE-2018-12104","GHSA-xmw7-848p-p95w"],"modified":"2026-06-10T17:01:49.071479008Z","published":"2018-06-17T20:29:00Z","references":[{"type":"REPORT","url":"https://github.com/airbnb/knowledge-repo/issues/431"},{"type":"WEB","url":"http://www.securityfocus.com/bid/104487"},{"type":"PACKAGE","url":"https://pypi.org/project/knowledge-repo"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12104"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xmw7-848p-p95w"}],"affected":[{"package":{"name":"knowledge-repo","ecosystem":"PyPI","purl":"pkg:pypi/knowledge-repo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.5"}]}],"versions":["0.6.1","0.6.10","0.6.11","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/knowledge-repo/PYSEC-2018-116.yaml"}}],"schema_version":"1.7.5"}