Bookstack Security Vulnerabilities

CVE-2023-6199

Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to...

CVE-2023-4624

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to...

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary...

CVE-2022-0877

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to...

CVE-2021-4194

bookstack is vulnerable to Improper Access...

CVE-2021-4119

bookstack is vulnerable to Improper Access...

CVE-2021-3944

bookstack is vulnerable to Cross-Site Request Forgery...

CVE-2021-4026

bookstack is vulnerable to Improper Access...

CVE-2021-3915

bookstack is vulnerable to Unrestricted Upload of File with Dangerous...

CVE-2021-3916

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path...

CVE-2021-3906

bookstack is vulnerable to Unrestricted Upload of File with Dangerous...

CVE-2021-3874

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path...

CVE-2021-3767

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...

CVE-2021-3768

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site...

CVE-2021-3758

bookstack is vulnerable to Server-Side Request Forgery...

CVE-2020-26260

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or....

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page....

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the.....

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript...