BookStack Cross-Site Scripting Vulnerability (CNVD-2021-93902)
BookStack is a platform for storing and organizing information and documents. BookStack suffers from a stored cross-site scripting vulnerability. An attacker could use the vulnerability to obtain administrator cookies, among other things...
CVE-2021-3767
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3768
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3767
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3768
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Cross site scripting
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Cross site scripting
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2021-3768
CVE-2021-3768 affects BookStack and stems from Improper Neutralization of Input During Web Page Generation, enabling stored Cross-Site Scripting (XSS). The vulnerability affects input handling in bookstack app/book pages and can lead to leakage of administrator cookies and other impacts as descri...
CVE-2021-3767
BookStack (CVE-2021-3767) is affected by a stored Cross-site Scripting (XSS) vulnerability in bookstackapp/bookstack caused by improper neutralization of input during web page generation. Public descriptions and PoCs show injected SVG content (notably via SVG elements and xlink:href) can lead to ...
BookStack Cross-Site Scripting Vulnerability
BookStack, a platform for storing and organizing information and documents, is vulnerable to a stored cross-site scripting vulnerability. An attacker could use this vulnerability to obtain administrator cookies, etc...
BookStack Cross-Site Scripting Vulnerability
BookStack is a platform for storing and organizing information and documents. BookStack suffers from a stored cross-site scripting vulnerability. An attacker could use the vulnerability to obtain administrator cookies, among other things...
CVE-2021-3758
bookstack is vulnerable to Server-Side Request Forgery (SSRF)...
CVE-2021-3758
bookstack is vulnerable to Server-Side Request Forgery (SSRF)...
Server side request forgery (ssrf)
bookstack is vulnerable to Server-Side Request Forgery (SSRF)...
CVE-2021-3758
CVE-2021-3758 affects BookStack (bookstackapp/bookstack). The vulnerability is an SSRF flaw in how a page exported to PDF handles HTML content (e.g., an tag referencing external resources). The PoC shows server-side requests triggered during PDF export, enabling access to internal resources from...
CVE-2021-3758 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
bookstack is vulnerable to Server-Side Request Forgery (SSRF)...
BookStack Code Issue Vulnerability
BookStack is an open source platform for building wiki documentation using PHP and Laravel from the BookStackApp team. BookStack has a code issue vulnerability that arises from improper design or implementation during code development of a web-based system or product...
CVE-2020-26260
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...
CVE-2020-26260
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...
Information disclosure
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...