Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.Referenceshttps://www.twcert.org.tw/tw/cp-132-5167-2defb-1.html
