Lucene search
GoogleOSV:CVE-2020-11055HistoryMay 07, 2020 - 9:15 p.m.
CVE-2020-11055
2020-05-0721:15:11
Google
osv.dev
3
0.001 Low
EPSS
Percentile
34.4%
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2.
Related
veracode
veracode
Cross-Site Scripting (XSS)
2020-05-08 04:39:53
cvelist
cvelist
CVE-2020-11055 Cross-site Scripting in BookStack
2020-05-07 20:40:14
nvd
nvd
CVE-2020-11055
2020-05-07 21:15:11
osv
osv
Cross-Site Scripting in BookStack
2020-05-07 21:10:26
jvn
jvn
JVN#41035278: BookStack vulnerable to cross-site scripting
2020-05-13 00:00:00
cve
cve
CVE-2020-11055
2020-05-07 21:15:11
prion
prion
Cross site scripting
2020-05-07 21:15:00
github
github
Cross-Site Scripting in BookStack
2020-05-07 21:10:26